Devise 无法在 Google Chrome 中登录 [英] Devise doesn't login in Google Chrome
问题描述
我正在使用 Devise gem 在 Ruby on Rails Web 应用程序中进行用户身份验证.过程非常简单.
I'm working on user authentication in a Ruby on Rails web app using Devise gem. The process with very straight forward.
但是,在添加了 Nginx 和 ssl 证书后,应用程序我可以在 Mozilla Firefox 中登录,但无法在 Google Chrome 中登录.到目前为止,我能找到的唯一痕迹是我的环境日志文件中的这几行:
However, after adding Nginx and ssl certificate, the application I'm able to login in Mozilla Firefox but unable to login in Google Chrome. The only trace I can find, so far, is these few lines in my environment log file:
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"<some token>==", "user"=>{"email"=>"email@test.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"LOG IN"}
HTTP Origin header (https://<domain name>) didn't match request.base_url (: https://<domain name>:80)
/
location / {
proxy_pass http://127.0.0.1:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Proto: $scheme;
}
注意:如果我从 /etc/nginx/conf 中删除
日志文件中的错误更改为:proxy_set_header X-Forwarded-Proto: $scheme;
.d/ssl.conf
Note: If I remove proxy_set_header X-Forwarded-Proto: $scheme;
from /etc/nginx/conf.d/ssl.conf
The error in log file changes to:
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"<some token>==", "user"=>{"email"=>"email@test.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"LOG IN"}
HTTP Origin header (https://<domain name>) didn't match request.base_url (http://<domain name>:3000)
有没有办法解决这个问题?
Is there a way to fix this?
推荐答案
我临时修改了 actionpack
gem.
I temporarly modified actionpack
gem.
在 lib/action_controller/metal/request_forgery_protection.rb
里面的 actionpack
gem 目录我更新:
In lib/action_controller/metal/request_forgery_protection.rb
inside actionpack
gem directory I updated:
def valid_request_origin? # :doc:
if forgery_protection_origin_check
# We accept blank origin headers because some user agents don't send it.
request.origin.nil? || request.origin == request.base_url
else
true
end
end
成为:
def valid_request_origin? # :doc:
if forgery_protection_origin_check
# We accept blank origin headers because some user agents don't send it.
request.origin.nil? || request.origin == request.base_url || request.base_url == ": https://<domain name>:80"
else
true
end
end
这篇关于Devise 无法在 Google Chrome 中登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!