How do I specify Origin Whitelist Options in Sinatra using Rack/Protection
Problem description
I have a web app, let's say http://web.example.com, making a POST request to http://api.example.com. The api server is running the latest version of Sinatra with rack protection enabled. I am getting this error: 'attack prevented by Rack::Protection::HttpOrigin'.
I can do something like this:
set :protection, :except => [:http_origin]
but I feel like I am just ignoring the actual problem.
I have tried to do this:
use Rack::Protection::HttpOrigin, :origin_whitelist => ['http://web.example.com']
but I still get the warning.
The request does not get rejected, but Sinatra clears my session (see this post) and I need the session_id.
Any help or examples on how to specify the option_whitelist for the HttpOrigin class would be greatly appreciated.
Pass your options as a hash to set :protection:
set :protection, :origin_whitelist => ['http://web.example.com']
Sinatra will then pass them through to Rack::Protection when setting it up.
I suspect the reason it is failing when you have use Rack::Protection::HttpOrigin, :origin_whitelist => ['http://web.example.com'] is that you still have protection enabled, so that you end up with two instances of HttpOrigin. You could try
set :protection, :except => [:http_origin]
use Rack::Protection::HttpOrigin, :origin_whitelist => ['http://web.example.com']
(i.e. have both the lines you’ve tried together), but I think the first solution is cleaner.
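The "two instances" explanation above can be reproduced without Sinatra. The following is an added example, not code from the original post or from Rack::Protection: `OriginCheck`, `session_after_post` and the `model.warnings` key are hypothetical names, and the accept rules and drop-session reaction are a simplified assumption modelled on the behaviour the question describes.

```ruby
# Simplified stand-in for an origin-checking Rack middleware (constructed for
# illustration; this is NOT Rack::Protection's implementation).
class OriginCheck
  SAFE_METHODS = %w[GET HEAD OPTIONS TRACE].freeze

  def initialize(app, origin_whitelist: [])
    @app = app
    @whitelist = origin_whitelist
  end

  def call(env)
    unless accepts?(env)
      # Modelled reaction: keep serving the request but drop the session,
      # matching the behaviour described in the question.
      env['rack.session'].clear
      (env['model.warnings'] ||= []) << 'attack prevented by OriginCheck'
    end
    @app.call(env)
  end

  private

  # Assumed rules: safe method, no Origin header, same origin, or whitelisted.
  def accepts?(env)
    origin = env['HTTP_ORIGIN']
    return true if SAFE_METHODS.include?(env['REQUEST_METHOD'])
    return true if origin.nil?
    return true if origin == "#{env['rack.url_scheme']}://#{env['HTTP_HOST']}"
    @whitelist.include?(origin)
  end
end

# Build a middleware chain (outermost first) around a trivial app and send one
# constructed cross-origin POST that carries a session.
def session_after_post(stack)
  app = ->(env) { [200, {}, [env['rack.session'].fetch('session_id', 'none')]] }
  chain = stack.reverse.reduce(app) { |inner, opts| OriginCheck.new(inner, **opts) }
  env = {
    'REQUEST_METHOD' => 'POST', 'rack.url_scheme' => 'http',
    'HTTP_HOST' => 'api.example.com', 'HTTP_ORIGIN' => 'http://web.example.com',
    'rack.session' => { 'session_id' => 'abc123' }
  }
  chain.call(env).last.first
end

ALLOW = { origin_whitelist: ['http://web.example.com'] }.freeze
DEFAULT_PLUS_EXTRA = session_after_post([{}, ALLOW]) # built-in instance + `use` instance
SINGLE_INSTANCE    = session_after_post([ALLOW])     # one instance with the whitelist
```

The unconfigured instance clears the session before the whitelisted one ever runs, which is why the whitelist has to reach the single instance that Sinatra sets up, or the built-in one has to be excluded.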