如何针对某些路径在Rails 4中有选择地启用SSL? [英] How do I selectively enable SSL in Rails 4 for certain paths?
问题描述
如何针对给定路径关闭SSL HTTPS?我看到为某些资源操作启用SSL ,但这是为了启用HTTPS单一路径。我的配置有
How do I turn SSL HTTPS off for a given path? I saw Enable SSL for certain resource actions but that was to enable HTTPS for a single path. My config has
config.force_ssl = true
然而,当我显示一个包含iframe的页面并嵌入外部源时
However when I show a page that has an iframe and embeds an external source
<iframe src='http://www.
然后它甚至不显示(Chrome),因为它是混合内容。所以我想为具有iframe的单一路由禁用SSL。 (我真的想根据内容打开和关闭。)
Then it doesn't even appear (Chrome) because it is mixed content. So I want to disable SSL for that single route that has an iframe. (I really want to turn it on & off depending on the content.)
我尝试将此添加到我的 routes.rb
I tried adding this to my routes.rb
get 'frame', :constraints => { :protocol => 'http' }
但是错误 http://127.0。 0.1:3000 /帖子/ 136 /帧
No route matches [GET] "/posts/136/frame"
即使路线显示
frame_post GET /posts/:id/frame(.:format) posts#frame {:protocol=>"http"}
我还看到了强制Rails 3.1中特定路由的SSL 并尝试
gem 'rack-ssl-enforcer' # Gemfile
config.middleware.use Rack::SslEnforcer, :except => [ /\/frame$/ ], :strict => true # application.rb
但它仍然始终重定向到https。我也试过了
but it still always redirects to https. I also tried
force_ssl :except => :frame # posts_controller.rb
但这也不起作用。
我正在使用Rails 4.1。
I'm using Rails 4.1.
推荐答案
Rack ssl enforcer是一个很好的解决方案 - 你的正则表达式是错误的。在您的表单中,正则表达式只会排除完全为/ frame的路径,并且不会排除在/ frame之前有任何内容的路径
Rack ssl enforcer is a great solution for this - your regular expression is wrong. In your form, the regex would only exclude a path that is entirely '/frame', and would not exclude a path that had anything before /frame
如果您想要排除以 / frame 结尾的任何路径,正确的正则表达式为:
If you want to exclude any path that ends with /frame, The correct regular expression would be:
\.*\/frame$/
导致配置:
config.middleware.use Rack::SslEnforcer, :except => [ \.*\/frame$/ ], :strict => true
这篇关于如何针对某些路径在Rails 4中有选择地启用SSL?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!