
ruby-on-rails - Links don't work if the page is requested with 'null' as the origin

Reposted. Author: 行者123. Updated: 2023-12-04 11:00:58

I have a standard Rails 5.2.2 application.

On one of my pages I have an iframe. When I click a link inside the iframe that opens my website in a new tab, like this:

<iframe src="/page.html" sandbox="allow-scripts allow-forms allow-top-navigation allow-popups">
<a href="http://0.0.0.0:3005/" target="_blank">Visit the frontpage</a>
</iframe>

I reach the website without problems and my logs look fine:
Started GET "/" for 127.0.0.1 at 2019-11-11 13:10:09 +0100
Processing by StaticPagesController#index as HTML
Completed 200 OK in 408ms (Views: 405.0ms)

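But none of the internal links on the page work. When I click a link, this stack trace is printed before I am redirected back to the page I came from: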
Started OPTIONS "/somewhere" for 127.0.0.1 at 2019-11-11 13:10:11 +0100

ActionController::RoutingError (No route matches [OPTIONS] "/somewhere"):

.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/debug_exceptions.rb:65:in `call'
.gems/ruby/2.4.0/gems/web-console-3.7.0/lib/web_console/middleware.rb:135:in `call_app'
.gems/ruby/2.4.0/gems/web-console-3.7.0/lib/web_console/middleware.rb:30:in `block in call'
.gems/ruby/2.4.0/gems/web-console-3.7.0/lib/web_console/middleware.rb:20:in `catch'
.gems/ruby/2.4.0/gems/web-console-3.7.0/lib/web_console/middleware.rb:20:in `call'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
.gems/ruby/2.4.0/gems/railties-5.2.2/lib/rails/rack/logger.rb:38:in `call_app'
.gems/ruby/2.4.0/gems/railties-5.2.2/lib/rails/rack/logger.rb:26:in `block in call'
.gems/ruby/2.4.0/gems/activesupport-5.2.2/lib/active_support/tagged_logging.rb:71:in `block in tagged'
.gems/ruby/2.4.0/gems/activesupport-5.2.2/lib/active_support/tagged_logging.rb:28:in `tagged'
.gems/ruby/2.4.0/gems/activesupport-5.2.2/lib/active_support/tagged_logging.rb:71:in `tagged'
.gems/ruby/2.4.0/gems/railties-5.2.2/lib/rails/rack/logger.rb:26:in `call'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/request_id.rb:27:in `call'
.gems/ruby/2.4.0/gems/rack-2.0.6/lib/rack/method_override.rb:22:in `call'
.gems/ruby/2.4.0/gems/rack-2.0.6/lib/rack/runtime.rb:22:in `call'
.gems/ruby/2.4.0/gems/activesupport-5.2.2/lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/executor.rb:14:in `call'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/static.rb:127:in `call'
.gems/ruby/2.4.0/gems/rack-2.0.6/lib/rack/sendfile.rb:111:in `call'
.gems/ruby/2.4.0/gems/railties-5.2.2/lib/rails/engine.rb:524:in `call'
.gems/ruby/2.4.0/gems/puma-3.12.0/lib/puma/configuration.rb:225:in `call'
.gems/ruby/2.4.0/gems/puma-3.12.0/lib/puma/server.rb:658:in `handle_request'
.gems/ruby/2.4.0/gems/puma-3.12.0/lib/puma/server.rb:472:in `process_client'
.gems/ruby/2.4.0/gems/puma-3.12.0/lib/puma/server.rb:332:in `block in run'
.gems/ruby/2.4.0/gems/puma-3.12.0/lib/puma/thread_pool.rb:133:in `block in spawn_thread'
Started GET "/" for 127.0.0.1 at 2019-11-11 13:10:12 +0100
Processing by StaticPagesController#index as HTML
Completed 200 OK in 394ms (Views: 390.3ms)

Just to see what would happen, I added this to my routes file:

match "/somewhere", to: "somewhere#somewhere", via: [:options]

If I don't protect that page with authentication, no stack trace is triggered, but I am redirected back to where I came from:
Started OPTIONS "/somewhere" for 127.0.0.1 at 2019-11-11 13:41:18 +0100
Processing by SomewhereController#somewhere as */*
Completed 200 OK in 625ms (Views: 602.3ms)
Started GET "/" for 127.0.0.1 at 2019-11-11 13:41:19 +0100
Processing by StaticPagesController#index as HTML
Completed 200 OK in 413ms (Views: 409.8ms)

If I add Devise authentication to the page, this stack trace is shown:
Started OPTIONS "/somewhere" for 127.0.0.1 at 2019-11-11 13:33:31 +0100
Processing by SomewhereController#somewhere as */*
Completed 422 Unprocessable Entity in 1ms

ActionController::InvalidAuthenticityToken (The browser returned a 'null' origin for a request with origin-based forgery protection turned on. This usually
means you have the 'no-referrer' Referrer-Policy header enabled, or that the request came from a site that
refused to give its origin. This makes it impossible for Rails to verify the source of the requests. Likely the
best solution is to change your referrer policy to something less strict like same-origin or strict-same-origin.
If you cannot change the referrer policy, you can disable origin checking with the
Rails.application.config.action_controller.forgery_protection_origin_check setting.
):

.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_controller/metal/request_forgery_protection.rb:433:in `valid_request_origin?'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_controller/metal/request_forgery_protection.rb:291:in `verified_request?'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_controller/metal/request_forgery_protection.rb:230:in `verify_authenticity_token'
.gems/ruby/2.4.0/gems/activesupport-5.2.2/lib/active_support/callbacks.rb:426:in `block in make_lambda'
.gems/ruby/2.4.0/gems/activesupport-5.2.2/lib/active_support/callbacks.rb:179:in `block (2 levels) in halting_and_conditional'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/abstract_controller/callbacks.rb:34:in `block (2 levels) in <module:Callbacks>'
.gems/ruby/2.4.0/gems/activesupport-5.2.2/lib/active_support/callbacks.rb:180:in `block in halting_and_conditional'
.gems/ruby/2.4.0/gems/activesupport-5.2.2/lib/active_support/callbacks.rb:513:in `block in invoke_before'
.gems/ruby/2.4.0/gems/activesupport-5.2.2/lib/active_support/callbacks.rb:513:in `each'
.gems/ruby/2.4.0/gems/activesupport-5.2.2/lib/active_support/callbacks.rb:513:in `invoke_before'
.gems/ruby/2.4.0/gems/activesupport-5.2.2/lib/active_support/callbacks.rb:131:in `run_callbacks'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/abstract_controller/callbacks.rb:41:in `process_action'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_controller/metal/rescue.rb:22:in `process_action'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_controller/metal/instrumentation.rb:34:in `block in process_action'
.gems/ruby/2.4.0/gems/activesupport-5.2.2/lib/active_support/notifications.rb:168:in `block in instrument'
.gems/ruby/2.4.0/gems/activesupport-5.2.2/lib/active_support/notifications/instrumenter.rb:23:in `instrument'
.gems/ruby/2.4.0/gems/activesupport-5.2.2/lib/active_support/notifications.rb:168:in `instrument'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_controller/metal/instrumentation.rb:32:in `process_action'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_controller/metal/params_wrapper.rb:256:in `process_action'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/abstract_controller/base.rb:134:in `process'
.gems/ruby/2.4.0/gems/actionview-5.2.2/lib/action_view/rendering.rb:32:in `process'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_controller/metal.rb:191:in `dispatch'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_controller/metal.rb:252:in `dispatch'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_dispatch/routing/route_set.rb:52:in `dispatch'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_dispatch/routing/route_set.rb:34:in `serve'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_dispatch/journey/router.rb:52:in `block in serve'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_dispatch/journey/router.rb:35:in `each'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_dispatch/journey/router.rb:35:in `serve'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_dispatch/routing/route_set.rb:840:in `call'
.gems/ruby/2.4.0/gems/warden-1.2.8/lib/warden/manager.rb:36:in `block in call'
.gems/ruby/2.4.0/gems/warden-1.2.8/lib/warden/manager.rb:34:in `catch'
.gems/ruby/2.4.0/gems/warden-1.2.8/lib/warden/manager.rb:34:in `call'
.gems/ruby/2.4.0/gems/rack-2.0.6/lib/rack/tempfile_reaper.rb:15:in `call'
.gems/ruby/2.4.0/gems/rack-2.0.6/lib/rack/etag.rb:25:in `call'
.gems/ruby/2.4.0/gems/rack-2.0.6/lib/rack/conditional_get.rb:38:in `call'
.gems/ruby/2.4.0/gems/rack-2.0.6/lib/rack/head.rb:12:in `call'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_dispatch/http/content_security_policy.rb:18:in `call'
.gems/ruby/2.4.0/gems/rack-2.0.6/lib/rack/session/abstract/id.rb:232:in `context'
.gems/ruby/2.4.0/gems/rack-2.0.6/lib/rack/session/abstract/id.rb:226:in `call'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/cookies.rb:670:in `call'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
.gems/ruby/2.4.0/gems/activesupport-5.2.2/lib/active_support/callbacks.rb:98:in `run_callbacks'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/callbacks.rb:26:in `call'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/executor.rb:14:in `call'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/debug_exceptions.rb:61:in `call'
.gems/ruby/2.4.0/gems/web-console-3.7.0/lib/web_console/middleware.rb:135:in `call_app'
.gems/ruby/2.4.0/gems/web-console-3.7.0/lib/web_console/middleware.rb:30:in `block in call'
.gems/ruby/2.4.0/gems/web-console-3.7.0/lib/web_console/middleware.rb:20:in `catch'
.gems/ruby/2.4.0/gems/web-console-3.7.0/lib/web_console/middleware.rb:20:in `call'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
.gems/ruby/2.4.0/gems/railties-5.2.2/lib/rails/rack/logger.rb:38:in `call_app'
.gems/ruby/2.4.0/gems/railties-5.2.2/lib/rails/rack/logger.rb:26:in `block in call'
.gems/ruby/2.4.0/gems/activesupport-5.2.2/lib/active_support/tagged_logging.rb:71:in `block in tagged'
.gems/ruby/2.4.0/gems/activesupport-5.2.2/lib/active_support/tagged_logging.rb:28:in `tagged'
.gems/ruby/2.4.0/gems/activesupport-5.2.2/lib/active_support/tagged_logging.rb:71:in `tagged'
.gems/ruby/2.4.0/gems/railties-5.2.2/lib/rails/rack/logger.rb:26:in `call'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/request_id.rb:27:in `call'
.gems/ruby/2.4.0/gems/rack-2.0.6/lib/rack/method_override.rb:22:in `call'
.gems/ruby/2.4.0/gems/rack-2.0.6/lib/rack/runtime.rb:22:in `call'
.gems/ruby/2.4.0/gems/activesupport-5.2.2/lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/executor.rb:14:in `call'
.gems/ruby/2.4.0/gems/actionpack-5.2.2/lib/action_dispatch/middleware/static.rb:127:in `call'
.gems/ruby/2.4.0/gems/rack-2.0.6/lib/rack/sendfile.rb:111:in `call'
.gems/ruby/2.4.0/gems/railties-5.2.2/lib/rails/engine.rb:524:in `call'
.gems/ruby/2.4.0/gems/puma-3.12.0/lib/puma/configuration.rb:225:in `call'
.gems/ruby/2.4.0/gems/puma-3.12.0/lib/puma/server.rb:658:in `handle_request'
.gems/ruby/2.4.0/gems/puma-3.12.0/lib/puma/server.rb:472:in `process_client'
.gems/ruby/2.4.0/gems/puma-3.12.0/lib/puma/server.rb:332:in `block in run'
.gems/ruby/2.4.0/gems/puma-3.12.0/lib/puma/thread_pool.rb:133:in `block in spawn_thread'
Started GET "/" for 127.0.0.1 at 2019-11-11 13:33:31 +0100
Processing by StaticPagesController#index as HTML
Completed 200 OK in 681ms (Views: 677.9ms)

The following trick, as suggested in the stack trace, did not change anything:

Rails.application.configure do
  config.action_controller.forgery_protection_origin_check = false
end

I also tried, as suggested here, setting action_dispatch.default_headers to various values, without any luck:

config.action_dispatch.default_headers = {
  'Referrer-Policy' => 'no-referrer'
}

Any idea what is going on?

Best answer

You can specify * or the host name for 'Access-Control-Allow-Origin' in the service to avoid the CORS issue and get the authentication token:

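# in config/application.rb
config.action_dispatch.default_headers = {
  # Origin that is allowed to read responses from this service
  'Access-Control-Allow-Origin' => 'http://my-web-service-consumer-site.com',
  # Response header listing permitted methods is Access-Control-Allow-Methods;
  # Access-Control-Request-Method is the header the browser sends in a preflight
  'Access-Control-Allow-Methods' => %w{GET POST OPTIONS}.join(",")
}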

Sources:

https://medium.com/@Nicholson85/handling-cors-issues-in-your-rails-api-120dfbcb8a24
https://demisx.github.io/rails-api/2014/02/18/configure-accept-headers-cors.html

Regarding ruby-on-rails - Links don't work if the page is requested with 'null' as the origin, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/58802469/
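
An added example (not part of the original question or answer, and not Rails source code): a simplified Ruby model of the check named in the stack trace, showing why the GET page load succeeds while the OPTIONS request carrying a 'null' origin is rejected. The names Request, csrf_verdict and verdicts, and the sample requests, are constructed for illustration.

```ruby
# Simplified model of the decision made by verified_request? and
# valid_request_origin? (request_forgery_protection.rb in the trace above).
# Not Rails source: Request, csrf_verdict and verdicts are hypothetical names.
Request = Struct.new(:http_method, :origin, :base_url, :token_valid)

def csrf_verdict(req, origin_check: true)
  # GET and HEAD are never subject to the token/origin check.
  return :skipped if %w[GET HEAD].include?(req.http_method)

  if origin_check
    # A literal "null" Origin is rejected outright: the source is unknowable.
    return :null_origin if req.origin == "null"
    # A missing Origin header is tolerated; a present one must match the app.
    return :origin_mismatch unless req.origin.nil? || req.origin == req.base_url
  end

  # The origin check is additional to the token, never a replacement for it.
  req.token_valid ? :verified : :invalid_token
end

BASE = "http://0.0.0.0:3005" # host taken from the link in the question

# Constructed requests mirroring the situations in the question's logs.
SAMPLES = {
  page_load:      Request.new("GET",     "null", BASE, false),
  preflight:      Request.new("OPTIONS", "null", BASE, false),
  same_site_post: Request.new("POST",    BASE,   BASE, true),
  forged_post:    Request.new("POST",    "http://other.example", BASE, true)
}

def verdicts(origin_check: true)
  SAMPLES.transform_values { |r| csrf_verdict(r, origin_check: origin_check) }
end

verdicts.each { |name, v| puts "#{name}: #{v}" }
puts "preflight, origin check off: #{verdicts(origin_check: false)[:preflight]}"
```

In this model, switching the origin check off does not let the preflight through, because it still carries no authenticity token; it also lets a cross-origin POST with a valid token pass, which is the protection the setting removes.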
