从 InvalidCrossOriginRequest 救援时 Rails 4.1 中的 DoubleRenderError [英] DoubleRenderError in Rails 4.1 when rescuing from InvalidCrossOriginRequest
问题描述
我今天已经升级到 Rails 4.1.0.跨站点请求伪造 (CSRF) 保护现在也涵盖带有 JavaScript 响应的 GET 请求.
I've upgraded to Rails 4.1.0 today. Cross-site request forgery (CSRF) protection now covers GET requests with JavaScript responses, too.
我在应用中有一些远程 GET 链接被机器人攻击,现在抛出 ActionController::InvalidCrossOriginRequest 异常.
I have a few remote GET links in the app that are hit by the bots and are now throwing ActionController::InvalidCrossOriginRequest exception.
所以我在 application_controller 中添加了另一行rescue_from:
So I added another rescue_from line to application_controller:
rescue_from ActionController::InvalidCrossOriginRequest, with: :render_400
这是 render_400 方法:
Here's the render_400 method:
def render_400
render(nothing: true, status: 400) and return
end
我仍然收到 AbstractController::DoubleRenderError,即使我添加了 并返回
,如你所见.
I'm still getting AbstractController::DoubleRenderError even though I added and return
as you can see above.
它只发生在 ActionController::InvalidCrossOriginRequest 异常中.其他人喜欢例如ActionController::BadRequest 并且不会导致 AbstractController::DoubleRenderError.
It happens only with the ActionController::InvalidCrossOriginRequest exception. Others like e.g. ActionController::BadRequest and not resulting in AbstractController::DoubleRenderError.
推荐答案
根本原因是 response_body
的某些部分在触发错误之前已分配.
The underlying reason is that some part of the response_body
is assigned before the error is triggered.
您可以尝试在异常处理程序中调用 render
之前清除响应正文.
You could try clearing the response body before calling render
in the exception handler.
def render_400
# Clear the previous response body to avoid a DoubleRenderError
# when redirecting or rendering another view
self.response_body = nil
render(nothing: true, status: 400)
end
这篇关于从 InvalidCrossOriginRequest 救援时 Rails 4.1 中的 DoubleRenderError的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!