Devise无法登录Google Chrome [英] Devise doesn't login in Google Chrome

问题描述

我正在使用Devise gem在Ruby on Rails Web应用程序中进行用户身份验证.这个过程非常简单.

I'm working on user authentication in a Ruby on Rails web app using Devise gem. The process with very straight forward.

但是，添加Nginx和ssl证书后，我可以在Mozilla Firefox中登录该应用程序，但无法在Google Chrome中登录.到目前为止，我唯一能找到的跟踪记录是我的环境日志文件中的以下几行:

However, after adding Nginx and ssl certificate, the application I'm able to login in Mozilla Firefox but unable to login in Google Chrome. The only trace I can find, so far, is these few lines in my environment log file:

Processing by Devise::SessionsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"<some token>==", "user"=>{"email"=>"email@test.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"LOG IN"}
HTTP Origin header (https://<domain name>) didn't match request.base_url (: https://<domain name>:80)

我的/

location / {
        proxy_pass http://127.0.0.1:3000;

        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Forwarded-Proto: $scheme;
 }

注意: :如果我从/etc/nginx/conf.d/ssl.conf中删除proxy_set_header X-Forwarded-Proto: $scheme;，则日志文件中的错误将更改为:

Note: If I remove proxy_set_header X-Forwarded-Proto: $scheme; from /etc/nginx/conf.d/ssl.conf The error in log file changes to:

Processing by Devise::SessionsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"<some token>==", "user"=>{"email"=>"email@test.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"LOG IN"}
HTTP Origin header (https://<domain name>) didn't match request.base_url (http://<domain name>:3000)

有没有办法解决这个问题?

Is there a way to fix this?

推荐答案

我临时修改了actionpack gem.

I temporarly modified actionpack gem.

在actionpack gem目录中的lib/action_controller/metal/request_forgery_protection.rb中，我更新了:

In lib/action_controller/metal/request_forgery_protection.rb inside actionpack gem directory I updated:

def valid_request_origin? # :doc:
    if forgery_protection_origin_check
      # We accept blank origin headers because some user agents don't send it.
      request.origin.nil? || request.origin == request.base_url
    else
      true
    end
  end

成为:

def valid_request_origin? # :doc:
    if forgery_protection_origin_check
      # We accept blank origin headers because some user agents don't send it.
      request.origin.nil? || request.origin == request.base_url || request.base_url == ": https://<domain name>:80"
    else
      true
    end
  end

这篇关于Devise无法登录Google Chrome的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！