Devise 无法在 Google Chrome 中登录 [英] Devise doesn't login in Google Chrome

问题描述

我正在使用 Devise gem 在 Ruby on Rails Web 应用程序中进行用户身份验证.过程非常简单.

I'm working on user authentication in a Ruby on Rails web app using Devise gem. The process with very straight forward.

但是，在添加了 Nginx 和 ssl 证书后，应用程序我可以在 Mozilla Firefox 中登录，但无法在 Google Chrome 中登录.到目前为止，我能找到的唯一痕迹是我的环境日志文件中的这几行:

However, after adding Nginx and ssl certificate, the application I'm able to login in Mozilla Firefox but unable to login in Google Chrome. The only trace I can find, so far, is these few lines in my environment log file:

Processing by Devise::SessionsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"<some token>==", "user"=>{"email"=>"email@test.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"LOG IN"}
HTTP Origin header (https://<domain name>) didn't match request.base_url (: https://<domain name>:80)

/

location / {
        proxy_pass http://127.0.0.1:3000;

        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header X-Forwarded-Proto: $scheme;
 }

注意:如果我从 /etc/nginx/conf 中删除 proxy_set_header X-Forwarded-Proto: $scheme;.d/ssl.conf 日志文件中的错误更改为:

Note: If I remove proxy_set_header X-Forwarded-Proto: $scheme; from /etc/nginx/conf.d/ssl.conf The error in log file changes to:

Processing by Devise::SessionsController#create as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"<some token>==", "user"=>{"email"=>"email@test.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"LOG IN"}
HTTP Origin header (https://<domain name>) didn't match request.base_url (http://<domain name>:3000)

有没有办法解决这个问题?

Is there a way to fix this?

推荐答案

我临时修改了 actionpack gem.

I temporarly modified actionpack gem.

在 lib/action_controller/metal/request_forgery_protection.rb 里面的 actionpack gem 目录我更新:

In lib/action_controller/metal/request_forgery_protection.rb inside actionpack gem directory I updated:

def valid_request_origin? # :doc:
    if forgery_protection_origin_check
      # We accept blank origin headers because some user agents don't send it.
      request.origin.nil? || request.origin == request.base_url
    else
      true
    end
  end

成为:

def valid_request_origin? # :doc:
    if forgery_protection_origin_check
      # We accept blank origin headers because some user agents don't send it.
      request.origin.nil? || request.origin == request.base_url || request.base_url == ": https://<domain name>:80"
    else
      true
    end
  end

这篇关于Devise 无法在 Google Chrome 中登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！