Rails 4 redirects to 'data:,' in Chrome


Question

There is a weird behavior in Google Chrome, which is also described in this question: rails redirects to 'data:,'

When a new resource is being created and my controller redirects to the show action, Chrome initiates loading of a blank page with 'data:,' in the address bar. The reply of the author who asked the above-mentioned question is the following:

This is a security feature: the HTML content of the new page matches the HTML content of the submitted form, which Chrome blocks.

However, no explanation of how to fix it followed. The behavior is only present in the Chrome browser.

Recommended answer

I've been googling it and found that editing posts with an iframe in Rails 4.0 causes a redirect to "data:,"

Rails 4 now sets the X-XSS-Protection header for all requests, so the iframe trips up the XSS protection in Chrome after a form submit. (https://github.com/elektronaut/sugar/issues/41#issuecomment-25987368)

Solution, add it to your controller:

before_filter :disable_xss_protection

protected
def disable_xss_protection
  # Disabling this is probably not a good idea,
  # but the header causes Chrome to choke when being
  # redirected back after a submit and the page contains an iframe.
  response.headers['X-XSS-Protection'] = "0"
end
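
The answer's filter turns the header off for every action in the controller. As an added example (not part of the original answer), this Rack middleware narrows the override to the routes that need it and keeps `1; mode=block` everywhere else; the class name `ScopedXssProtection` and the `/posts` routes are hypothetical.

```ruby
# Added example, not from the original answer. Plain Ruby, no gems needed:
# a Rack middleware is any object with call(env) -> [status, headers, body].
class ScopedXssProtection
  HEADER = 'X-XSS-Protection'.freeze

  # exempt_paths: regexes for the pages that need the header disabled
  # (which routes those are is an assumption you must fill in).
  def initialize(app, exempt_paths)
    @app = app
    @exempt_paths = exempt_paths
  end

  def call(env)
    status, headers, body = @app.call(env)
    path = env['PATH_INFO'].to_s
    # Reuse the existing key whatever its casing, so no duplicate is emitted.
    key = headers.keys.find { |k| k.casecmp?(HEADER) } || HEADER
    if @exempt_paths.any? { |re| re.match?(path) }
      headers[key] = '0'                 # same value the answer sets
    else
      headers[key] ||= '1; mode=block'   # keep protection everywhere else
    end
    [status, headers, body]
  end
end

# Constructed stand-in for the Rails app: every response carries the
# Rails 4 default header value.
DEMO_APP = lambda do |_env|
  [200, { 'X-XSS-Protection' => '1; mode=block' }, ['ok']]
end

# Hypothetical routes: /posts and /posts/:id hold the form and the iframe.
DEMO_STACK = ScopedXssProtection.new(DEMO_APP, [%r{\A/posts(/\d+)?\z}])

# Returns the header value a request to `path` would receive.
def xss_header_for(path)
  _status, headers, _body = DEMO_STACK.call('PATH_INFO' => path)
  headers['X-XSS-Protection']
end

puts xss_header_for('/posts/1')
puts xss_header_for('/users/1')
```

In a Rails application a middleware like this is registered with `config.middleware.use`, passing the list of exempt path patterns as the argument.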
