Ruby-on-rails Rails 3 SSL Deprecation

Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow original URL: http://stackoverflow.com/questions/3634100/

Time: 2020-09-02 23:08:33  Source: igfitidea

Rails 3 SSL Deprecation

ruby-on-rails

Asked by Kevin Sylvestre

I am upgrading an application to Rails 3.0.0 and am wondering if the standard method for adding SSL has changed (I vaguely remember demos indicating the router could now handle SSL, though I'm not sure if it was just for demonstration purposes). I currently use the "ssl_requirement" gem, however it gives:

DEPRECATION WARNING: Using #request_uri is deprecated. Use fullpath instead. (called from ensure_proper_protocol at /Library/Ruby/Gems/1.8/gems/ssl_requirement-0.1.0/lib/ssl_requirement.rb:53)

Also, it appears to break when handling the new 'data-method' attributes. For example:

<%= link_to "Logout", user_path, :method => :delete %>

Works fine when accessing from an SSL section of the application, but fails (attempts to render show action) when followed from a non-SSL section (all actions in the user controller require SSL, although I understand that the destroy action does not transmit secure data).

Answered by molf

It's indeed pretty simple in Rails 3. In config/routes.rb:

MyApplication::Application.routes.draw do
  resources :sessions, :constraints => { :protocol => "https" }
end

Or if you need to force SSL for multiple routes:

MyApplication::Application.routes.draw do
  scope :constraints => { :protocol => "https" } do 
    # All your SSL routes.
  end
end

And linking to SSL routes can be done like this:

<%= link_to "Logout", sessions_url(:protocol => 'https'), :method => :delete %>

If you wish to automatically redirect some controllers (or actually, some subpaths) to an equivalent https-based URL, you can add something like this to your routes (I wish this part were simpler):

# Redirect /foos and anything starting with /foos/ to https.
match "foos(/*path)", :to => redirect { |_, request|
  "https://" + request.host_with_port + request.fullpath }

Answered by Dan

After spending an afternoon looking for the best solution I settled on the approach described in this article: http://clearcove.ca/blog/2010/11/how-to-secure-a-rails-app-on-heroku-with-ssl-firesheep/ which referenced this article: Force SSL using ssl_requirement in Rails 2 app

Basically do this:

# lib/middleware/force_ssl.rb
class ForceSSL
  def initialize(app)
    @app = app
  end

  def call(env)
    if env['HTTPS'] == 'on' || env['HTTP_X_FORWARDED_PROTO'] == 'https'
      @app.call(env)
    else
      req = Rack::Request.new(env)
      [301, { "Location" => req.url.gsub(/^http:/, "https:") }, []]
    end
  end
end

# config/application.rb
config.autoload_paths += %W( #{ config.root }/lib/middleware )

# config/environments/production.rb
config.middleware.use "ForceSSL"

Answered by equivalent8

Topic is old but just for googling people:

in *app/controller/your_controller.rb*

 class LostPasswordsController < ApplicationController

   force_ssl

   def index
     #....
   end
 end 

If you need it globally, use it in the application controller.

http://apidock.com/rails/ActionController/ForceSSL/ClassMethods/force_ssl

...thx S.L. for tip

Answered by rcd

In later Rails (at least 3.12+) you can use the following, environment-specific:

in config/environments/production.rb (or other environment)

# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
config.force_ssl = true
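
What the three behaviours named in the comment above (redirect to HTTPS, Strict-Transport-Security, secure cookies) amount to at the Rack level, as an added sketch that is neither Rails' own implementation nor code from the original answers. The class name SketchForceSSL, the max-age value, and the sample app and cookie values are assumptions constructed for illustration.

```ruby
# Added sketch, not Rails' own code: a Rack-style middleware doing the
# three things the config.force_ssl comment lists.
class SketchForceSSL
  HSTS = "max-age=31536000" # assumed policy value (one year)

  def initialize(app)
    @app = app
  end

  def call(env)
    return redirect_to_https(env) unless https?(env)

    status, headers, body = @app.call(env)
    headers = headers.merge("Strict-Transport-Security" => HSTS)
    cookies = headers["Set-Cookie"]
    headers["Set-Cookie"] = secure_cookies(cookies) if cookies
    [status, headers, body]
  end

  private

  # Same test as the ForceSSL middleware earlier on this page; the
  # forwarded header means something only when a trusted proxy sets it.
  def https?(env)
    env["HTTPS"] == "on" || env["HTTP_X_FORWARDED_PROTO"] == "https"
  end

  def redirect_to_https(env)
    # Drop any port: HTTPS is assumed to listen on the default 443.
    host = (env["HTTP_HOST"] || env["SERVER_NAME"]).sub(/:\d+\z/, "")
    location = "https://#{host}#{env['SCRIPT_NAME']}#{env['PATH_INFO']}"
    query = env["QUERY_STRING"].to_s
    location += "?#{query}" unless query.empty?
    [301, { "Content-Type" => "text/html", "Location" => location }, []]
  end

  # Rack 1.x/2.x put several cookies in one newline-separated value.
  def secure_cookies(value)
    value.split("\n").map { |c|
      c =~ /;\s*secure\s*(;|\z)/i ? c : "#{c}; secure"
    }.join("\n")
  end
end

# Constructed sample app: one cookie without the secure flag, one with it.
DEMO_APP = lambda do |_env|
  [200, { "Content-Type" => "text/plain",
          "Set-Cookie" => "sid=abc; path=/\nlang=en; secure" }, ["ok"]]
end
```

If the application server is reachable without passing through the proxy, a client can send X-Forwarded-Proto itself and skip the redirect, so the header should be stripped or overwritten at the proxy.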