I am trying to set up Rails 4.2.1 and Faye with CSRF protection. I followed the guide at http://faye.jcoglan.com/security/csrf.html to get everything working.

config/csrf_protection.rb
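
    # Faye server extension: checks the CSRF token on every incoming message.
    class CsrfProtection
      def incoming(message, request, callback)
        # Token Rails stored in the session for this client
        session_token = request.session['_csrf_token']
        # Token the client attached to the message; removed so it is not forwarded
        message_token = message['ext'] && message['ext'].delete('csrfToken')
        unless session_token == message_token
          message['error'] = '401::Access denied'
        end
        callback.call(message)
      end
    end
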
In config/application.rb

    config.middleware.insert_after ActionDispatch::Session::CookieStore,
                                   Faye::RackAdapter,
                                   :extensions => [CsrfProtection.new],
                                   :mount      => '/live',
                                   :timeout    => 25

config/unicorn.rb

    worker_processes Integer(ENV["WEB_CONCURRENCY"] || 3)
    timeout 15
    preload_app true
    listen 3000, tcp_nopush: false
    stderr_path "log/unicorn.stderr.log"
    stdout_path "log/unicorn.stdout.log"

    before_fork do |server, worker|
      Signal.trap 'TERM' do
        puts 'Unicorn master intercepting TERM and sending myself QUIT instead'
        Process.kill 'QUIT', Process.pid
      end
      defined?(ActiveRecord::Base) and
        ActiveRecord::Base.connection.disconnect!
    end

    after_fork do |server, worker|
      Signal.trap 'TERM' do
        puts 'Unicorn worker intercepting TERM and doing nothing. Wait for master to send QUIT'
      end
      defined?(ActiveRecord::Base) and
        ActiveRecord::Base.establish_connection
    end

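I start Unicorn:

    bundle exec unicorn -c config/unicorn.rb

I get the following errors in my log file:

    Rack::Lint::LintError: Status must be >=100 seen as integer
    ThreadError: deadlock; recursive locking

The errors are caused by Faye running in development mode. Is it possible, with this setup, to tell Faye to run in production while the rest of my application runs in development mode?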