如何针对某些路径在Rails 4中有选择地启用SSL？ [英] How do I selectively enable SSL in Rails 4 for certain paths?

问题描述

如何针对给定路径关闭SSL HTTPS？我看到为某些资源操作启用SSL ，但这是为了启用HTTPS单一路径。我的配置有

How do I turn SSL HTTPS off for a given path? I saw Enable SSL for certain resource actions but that was to enable HTTPS for a single path. My config has

config.force_ssl = true

然而，当我显示一个包含iframe的页面并嵌入外部源时

However when I show a page that has an iframe and embeds an external source

<iframe src='http://www.

然后它甚至不显示（Chrome），因为它是混合内容。所以我想为具有iframe的单一路由禁用SSL。 （我真的想根据内容打开和关闭。）

Then it doesn't even appear (Chrome) because it is mixed content. So I want to disable SSL for that single route that has an iframe. (I really want to turn it on & off depending on the content.)

我尝试将此添加到我的 routes.rb

I tried adding this to my routes.rb

get 'frame', :constraints => { :protocol => 'http' }

但是错误 http：//127.0。 0.1：3000 /帖子/ 136 /帧

No route matches [GET] "/posts/136/frame"

即使路线显示

frame_post GET  /posts/:id/frame(.:format)  posts#frame {:protocol=>"http"}

我还看到了强制Rails 3.1中特定路由的SSL 并尝试

gem 'rack-ssl-enforcer' # Gemfile
config.middleware.use Rack::SslEnforcer, :except => [ /\/frame$/ ], :strict => true # application.rb

但它仍然始终重定向到https。我也试过了

but it still always redirects to https. I also tried

force_ssl :except => :frame # posts_controller.rb

但这也不起作用。

我正在使用Rails 4.1。

I'm using Rails 4.1.

推荐答案

Rack ssl enforcer是一个很好的解决方案 - 你的正则表达式是错误的。在您的表单中，正则表达式只会排除完全为/ frame的路径，并且不会排除在/ frame之前有任何内容的路径

Rack ssl enforcer is a great solution for this - your regular expression is wrong. In your form, the regex would only exclude a path that is entirely '/frame', and would not exclude a path that had anything before /frame

如果您想要排除以 / frame 结尾的任何路径，正确的正则表达式为：

If you want to exclude any path that ends with /frame, The correct regular expression would be:

\.*\/frame$/

导致配置：

config.middleware.use Rack::SslEnforcer, :except => [ \.*\/frame$/ ], :strict => true 

这篇关于如何针对某些路径在Rails 4中有选择地启用SSL？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！