HTML5缓存和授权问题 [英] HTML5 cache and authorization issues

问题描述

我添加HTML5缓存写在主干上轨提供singlepage应用程序后，有一个问题。浏览器（Chrome）不重装HTML，这将导致在两个方面的问题：

I've got a problem after adding HTML5 caching to a singlepage app written in backbone on rails. Browser (chrome) isn't reloading the html and this causes problems in 2 ways:

1）主干骨架HTML有时会改变 - 在最起码让骨干知道，用户在签订然而与没有被加载HTML，应用程序不知道（刷新例如后）。我可以查询在页面加载服务器，但是这是我跳，以避免另一个请求。这也将迫使移动所有permisions逻辑到客户端 - 因此无论是从服务器复制康康舞设置或HTML中嵌入 - 我们遇到上述问题。

1) The skeleton html for backbone sometimes changes - at very least to let backbone know that user is signed in. However with html not being loaded, the app doesn't know that (after refresh for example). I could query the server on page load, but that's another request which I hopped to avoid. Also this would force moving all the permisions logic to the client - so either duplicate cancan setting from the server OR embed it in html - and we run into above issue.

2）Rails的CSRF令牌是在html，他们也不会改变 - 造成任何阿贾克斯后到不行。对于这个我不知道该怎么办。从我读会话生成的，所以也许在登录CSRF令牌/登出我可以用js的更新。然而在哪里得到它，它会工作？

2) Rails' csrf tokens are in the html, and they too don't change - causing any ajax post to not work. For this one I'm not sure what to do. From what I read csrf token is generated for session so maybe on login/logout I could update it with js. However where to get it, would it work ?

推荐答案

我知道这个问题是旧的，但我只是碰到了CSRF问题。

i know this question is old but i just ran into the CSRF issue.

尝试包括CSRF令牌在manifest文件的注释。所以每当它改变它会改变清单并强制重新加载。

Try including the CSRF token as a comment in the manifest file. So whenever it changes it will change the manifest and force a reload.

CACHE MANIFEST
# include CSRF token in manifest to force reload when it changes
# <%= form_authenticity_token %>

为了安全起见，你可以通过散列算法几次运行

to be safe you could run it through a hashing algorithm a few times

这篇关于HTML5缓存和授权问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！