HTML5缓存和授权问题 [英] HTML5 cache and authorization issues
问题描述
我添加HTML5缓存写在主干上轨提供singlepage应用程序后,有一个问题。浏览器(Chrome)不重装HTML,这将导致在两个方面的问题:
I've got a problem after adding HTML5 caching to a singlepage app written in backbone on rails. Browser (chrome) isn't reloading the html and this causes problems in 2 ways:
1)主干骨架HTML有时会改变 - 在最起码让骨干知道,用户在签订然而与没有被加载HTML,应用程序不知道(刷新例如后)。我可以查询在页面加载服务器,但是这是我跳,以避免另一个请求。这也将迫使移动所有permisions逻辑到客户端 - 因此无论是从服务器复制康康舞设置或HTML中嵌入 - 我们遇到上述问题。
1) The skeleton html for backbone sometimes changes - at very least to let backbone know that user is signed in. However with html not being loaded, the app doesn't know that (after refresh for example). I could query the server on page load, but that's another request which I hopped to avoid. Also this would force moving all the permisions logic to the client - so either duplicate cancan setting from the server OR embed it in html - and we run into above issue.
2)Rails的CSRF令牌是在html,他们也不会改变 - 造成任何阿贾克斯后到不行。对于这个我不知道该怎么办。从我读会话生成的,所以也许在登录CSRF令牌/登出我可以用js的更新。然而在哪里得到它,它会工作?
2) Rails' csrf tokens are in the html, and they too don't change - causing any ajax post to not work. For this one I'm not sure what to do. From what I read csrf token is generated for session so maybe on login/logout I could update it with js. However where to get it, would it work ?
推荐答案
我知道这个问题是旧的,但我只是碰到了CSRF问题。
i know this question is old but i just ran into the CSRF issue.
尝试包括CSRF令牌在manifest文件的注释。所以每当它改变它会改变清单并强制重新加载。
Try including the CSRF token as a comment in the manifest file. So whenever it changes it will change the manifest and force a reload.
CACHE MANIFEST
# include CSRF token in manifest to force reload when it changes
# <%= form_authenticity_token %>
为了安全起见,你可以通过散列算法几次运行
to be safe you could run it through a hashing algorithm a few times
这篇关于HTML5缓存和授权问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!