在Chrome中，Rails 4重定向到'data :,' [英] Rails 4 redirects to 'data:,' in Chrome

问题描述

Google Chrome中存在一个奇怪的行为，这个问题也有描述： rails重定向到' data :,'

创建新资源并且我的控制器重定向到show操作时， chrome启动加载空白页'data：，'在地址栏中。作者回答上述问题的答案如下：

这是一项安全功能，新页面的HTML内容与HTML内容相匹配Chrome提供的表格。

然而，没有解释如何解决它。

解决方案

我一直在使用Google，发现在Rails中用iframe编辑帖子4.0导致重定向到data：，

Rails 4现在为所有请求设置X-XSS-Protection头，因此iframe表单提交后，在Chrome中启用XSS保护。
（ https://github.com/elektronaut/sugar/issues/41#issuecomment-25987368 ）

解决方案，将其添加到您的控制器：

  before_filter：disable_xss_protection 
 
保护
 def disable_xss_protection 
＃禁用这可能不是一个好主意，
＃但是标题导致Chrome在提交后重定向
＃并且该页面包含iframe时会窒息。 
 response.headers ['X-XSS-Protection'] =0
结束
  

There is a weird behavior in Google Chrome, which is also described in this question: rails redirects to 'data:,'

When a new resource is being created and my controller redirects to the show action, chrome initiates loading of a blank page with 'data:,' in the address bar. The reply of the author who asked the above mentioned question is the following:

This is a security feature, the HTML content of the new page matches the HTML content of the submitted form, which Chrome blocks.

However no explanation of how to fix it followed. The behavior is only present in Chrome browser.

解决方案

I've been googling it and found that editing posts with an iframe in Rails 4.0 causes a redirect to "data:,"

Rails 4 now sets the X-XSS-Protection header for all requests, so the iframe trips up the XSS protection in Chrome after a form submit. (https://github.com/elektronaut/sugar/issues/41#issuecomment-25987368)

Solution, add it to your controller:

before_filter :disable_xss_protection

protected
def disable_xss_protection
  # Disabling this is probably not a good idea,
  # but the header causes Chrome to choke when being
  # redirected back after a submit and the page contains an iframe.
  response.headers['X-XSS-Protection'] = "0"
end

这篇关于在Chrome中，Rails 4重定向到'data :,'的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！