仅为安全页面保护回形针网址 [英] Secure paperclip urls only for secure pages

问题描述

我正在尝试找到确保回形针网址安全的最佳方法，但仅限于安全网页。

I'm trying to find the best way to make paperclip urls secure, but only for secure pages.

例如，主页显示存储的图片S3， http://mydomain.com ，图片网址为 http://s3.amazonaws.com/mydomainphotos/89/thisimage.JPG?1284314856 。

For instance, the homepage, which shows images stored in S3, is http://mydomain.com and the image url is http://s3.amazonaws.com/mydomainphotos/89/thisimage.JPG?1284314856.

我有像 https://mydomain.com/users/my_stuff/这样的安全页面如果图像存储在S3中，但S3协议是http而不是https，那么用户会从浏览器收到警告，说明页面上的某些元素不安全，等等等等。

I have secure pages like https://mydomain.com/users/my_stuff/49 that has images stored in S3, but the S3 protocol is http and not https, so the user gets a warning from the browser saying that some elements on the page are not secure, blah blah blah.

我知道我可以在模型中指定：s3_protocol，但即使没有必要，这也可以使一切安全。所以，我正在寻找将协议更改为https的最佳方法，仅用于安全页面。

I know that I can specify :s3_protocol in the model, but this makes everything secure even when it isn't necessary. So, I'm looking for the best way to change the protocol to https on the fly, only for secure pages.

一种（可能是坏的）方式是创建一个新的网址方法，如：

One (probably bad) way would be to create a new url method like:

def custom_url(style = default_style, ssl = false)
  ssl ? self.url(style).gsub('http', 'https') : self.url(style)
end

需要注意的一点是，我正在使用ssl_requirement插件，因此可能有办法将其与之绑定。

One thing to note is that I'm using the ssl_requirement plugin, so there might be a way to tie it in with that.

我确信有一些简单，标准的方法可以做到这一点，但我似乎无法找到它。

I'm sure there is some simple, standard way to do this that I'm overlooking, but I can't seem to find it.

推荐答案

如果有人现在偶然发现这个问题：自从Paperclip有一个解决方案 2012年4月！只需写下：

If anyone stumbles upon this now: There is a solution in Paperclip since April 2012! Simply write:

Paperclip::Attachment.default_options[:s3_protocol] = ""

或在模型中使用 s3_protocol 选项。

感谢@Thomas Watson发起此事。

Thanks to @Thomas Watson for initiating this.

这篇关于仅为安全页面保护回形针网址的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！