重定向循环与Devise after_sign_in_path_for [英] Redirect loop with Devise after_sign_in_path_for
问题描述
def after_sign_in_path_for(resource)
request.referer
end
除非用户实际通过原始格式登录,导致重定向循环。
我尝试过
def after_sign_in_path_for(资源)
if(request.referer ==/ users / sign_in)
:pages_home
else
request.referer
end
end
但是这不起作用,很有可能是因为我不知道当遇到原始用户时request.referer正在返回什么登录页面(www.example.com/users/sign_in)。
任何想法?
tldr;使用devise,我想重定向到登录页面(即/ blog / 4),除非该页面是/ users / sign_in
解决方案: strong>
Matchu是对的。 request.referer也返回域名...
http://example.com/users/sign_in
(注意:没有www前缀)
如果它是一个不安全或低效的方式,我仍然对另一种方式感兴趣。
不要重定向到引荐来源 - 通常是一个坏主意。
相反,在查询字符串或表单中传递一个 next
数据。可能使用以下方式:
def after_sign_in_path_for(资源)
params [:next] ||超级
结束
当用户尝试访问需要身份验证的页面(例如 / admin / posts / 3 / edit
)认证 before_filter
发出一个 redirect_to new_session_url(:next = > request.path)
。然后编写登录操作并查看以保留:next
query-string参数。
I'm having a bit of a noob issue. I wanted to get devise to redirect to the last page the user visited. So I did the following...
def after_sign_in_path_for(resource)
request.referer
end
Works great...except if the user is actually logging in through the original form which causes a redirect loop.
I tried
def after_sign_in_path_for(resource)
if (request.referer == "/users/sign_in")
:pages_home
else
request.referer
end
end
But thats not working, most likely because I have no idea what request.referer is actually returning when it encounters the original user login page (www.example.com/users/sign_in).
Any ideas?
tldr; Using devise, I want to redirect to the page logged in from (i.e /blog/4) unless the page is /users/sign_in
SOLVED:
Matchu was right. The request.referer was returning the domain as well...
http://example.com/users/sign_in
(note: no www prefix)
I'm still interested in an alternative to request.referer if its an insecure or inefficient way.
Don't redirect to referrers - it's generally a bad idea.
Instead, pass a next
value across in the query-string or form-data. Perhaps use something like:
def after_sign_in_path_for(resource)
params[:next] || super
end
When a user tries to visit a page requiring authentication (e.g., /admin/posts/3/edit
) the authentication before_filter
issues a redirect_to new_session_url(:next => request.path)
. Then code up the login action and view to preserve the :next
query-string parameter.
这篇关于重定向循环与Devise after_sign_in_path_for的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!