Rails 4 重定向到 Chrome 中的“data:," [英] Rails 4 redirects to 'data:,' in Chrome

本文介绍了Rails 4 重定向到 Chrome 中的“data:,"的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!


谷歌浏览器中有一个奇怪的行为,在这个问题中也有描述:rails redirects to '数据:,'

There is a weird behavior in Google Chrome, which is also described in this question: rails redirects to 'data:,'

当创建新资源并且我的控制器重定向到显示操作时,chrome 开始加载一个空白页面,地址栏中带有 'data:,'.提出上述问题的作者回复如下:

When a new resource is being created and my controller redirects to the show action, chrome initiates loading of a blank page with 'data:,' in the address bar. The reply of the author who asked the above mentioned question is the following:

这是一项安全功能,新页面的 HTML 内容与提交表单的 HTML 内容匹配,Chrome 会阻止.

但是没有解释如何修复它.该行为仅存在于 Chrome 浏览器中.

However no explanation of how to fix it followed. The behavior is only present in Chrome browser.


我一直在谷歌搜索,发现在 Rails 4.0 中使用 iframe 编辑帖子会导致重定向到data:",

I've been googling it and found that editing posts with an iframe in Rails 4.0 causes a redirect to "data:,"

Rails 4 现在为所有请求设置 X-XSS-Protection 标头,因此 iframe 在表单提交后会触发 Chrome 中的 XSS 保护.(https://github.com/elektronaut/sugar/issues/41#issuecomment-25987368)

Rails 4 now sets the X-XSS-Protection header for all requests, so the iframe trips up the XSS protection in Chrome after a form submit. (https://github.com/elektronaut/sugar/issues/41#issuecomment-25987368)


Solution, add it to your controller:

before_filter :disable_xss_protection

def disable_xss_protection
  # Disabling this is probably not a good idea,
  # but the header causes Chrome to choke when being
  # redirected back after a submit and the page contains an iframe.
  response.headers['X-XSS-Protection'] = "0"

这篇关于Rails 4 重定向到 Chrome 中的“data:,"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

登录 关闭
发送“验证码”获取 | 15天全站免登陆