Rails (set_no_cache method) Cannot disable browser caching in Safari and Opera


Problem description

After using Devise for my authentication, I found that there was a security hole in that, after the user logs out, the session variables are preserved. This allows anyone to press the back button and access the logged in user's previous screen.

I looked at these posts Num 1 Num 2 Num 3

I added these lines to my application_controller

before_filter :set_no_cache

def set_no_cache
  response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
  response.headers["Pragma"] = "no-cache"
  response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
end

In the _form.html.erb I added this at the top

<% if user_signed_in? %>
<%= link_to "Sign Out", destroy_user_session_path, :method => :delete %><br/>
<%= form_for(@listing) do |f| %>
<% if @listing.errors.any? %>
...........

Then I tested the application on Firefox, Chrome and Safari.

Firefox and Chrome were fine in that I logged out and hit the back button and could not see the previous screen of the user, however, in Safari and Opera, the insecure behavior persists. This code does not have an effect.

Any suggestions on how to fix this?

Thanks

Recommended answer

I faced the same problem and found a good solution and I blogged it to

http://www.fordevs.com/2011/10/how-to-prevent-browser-from-caching-a-page-in-rails.html

To add ‘no-cache’, add the following lines @ the application_controller.rb file

before_filter :set_no_cache

and the function

def set_no_cache
    response.headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
    response.headers["Pragma"] = "no-cache"
    response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
end
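As an added example (not code from the original question or answer), here is a plain-Ruby model of the `set_no_cache` filter together with a small Cache-Control parser, so a test can assert that the directives the answer relies on (in particular `no-store`) are actually present on a response. The `headers` hash is an assumption standing in for Rails' `response.headers`.

```ruby
# Added example, not from the original post. A plain-Ruby model of the
# set_no_cache filter plus a Cache-Control parser, so a test suite can
# check that every response carries the directives the answer relies on.
# The `headers` hash stands in for Rails' response.headers (assumption).

NO_CACHE_HEADERS = {
  "Cache-Control" => "no-cache, no-store, max-age=0, must-revalidate",
  "Pragma"        => "no-cache",
  "Expires"       => "Fri, 01 Jan 1990 00:00:00 GMT",
}.freeze

# Mirrors the before_filter from the answer: merge the no-cache headers
# into the response's header hash and return it.
def set_no_cache(headers)
  NO_CACHE_HEADERS.each { |name, value| headers[name] = value }
  headers
end

# Parse a Cache-Control value into a hash of directive => argument
# (nil when the directive has no argument). Directive names are
# case-insensitive, so they are downcased; quoted arguments are unquoted.
def cache_control_directives(value)
  return {} if value.nil?
  value.split(",").each_with_object({}) do |token, acc|
    token = token.strip
    next if token.empty?
    name, arg = token.split("=", 2)
    acc[name.strip.downcase] = arg && arg.strip.delete('"')
  end
end

# Only "no-store" tells caches not to keep a copy of the response at all;
# "no-cache" on its own still allows the response to be stored and
# reused after revalidation, so a check should look for no-store.
def forbids_storage?(headers)
  cache_control_directives(headers["Cache-Control"]).key?("no-store")
end

if __FILE__ == $0
  h = set_no_cache({ "Content-Type" => "text/html" })
  puts "with set_no_cache, no-store present: #{forbids_storage?(h)}"
  puts "with only no-cache, no-store present: " \
       "#{forbids_storage?({ "Cache-Control" => "no-cache" })}"
end
```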
