don*_*tch 3 https redirect ruby-on-rails nginx ruby-on-rails-4
在我的Rails 4应用程序中,我before_action要求用户登录,如下所示:
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
before_action :require_login
def require_login
unless logged_in?
flash[:alert] = "You must be logged in to access this section."
redirect_to login_path
end
end
def logged_in?
# more logic
end
end
当我example.com在没有登录的情况下访问时,我会example.com/login按预期重定向到.但是,我在控制台中看到此错误:
The page at 'https://example.com/login' was loaded over HTTPS, but displayed
insecure content from 'http://example.com/login': this content should also
be loaded over HTTPS.
网络选项卡似乎表明我redirect_to指的是HTTP而不是HTTPS.当它命中HTTP时,它会自动重定向到HTTPS.
Request URL:http://example.com/login
Request Method:GET
Status Code:301 Moved Permanently
# In the response headers:
Location:https://example.com/login
有没有办法告诉redirect_to它应该使用HHTPS而不是HTTP,或者这是一个nginx配置?我认为使用login_path而不是login_url修复问题,因为它应该是相对于基础的,但这似乎不起作用.
更新:
我也考虑过使用force_ssl,但担心我正在用锤子敲针.如果我弄错了,请随意纠正我.
在你的application.rb(或environment.rb)中,你可以设置
config.force_ssl = true
这将使Rails始终使用安全端点.