我想在我的Rails应用程序中以用户身份登录。没有SSL,一切正常。在登台/生产时激活SSL时,会有一个SSL重定向,它会在GET请求中更改我的POST请求。因此,不是调用CREATE方法,而是调用Session-Controller中的SHOW方法。这是日志:
Started POST "/authentication_customer_user_sessions" for *********** at 2014-07-30 10:42:30 +0200
Processing by Authentication::CustomerUserSessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authentication_customer_user_session"=>{"redirect_path"=>"user_index_path", "login"=>"user", "password"=>"[FILTERED]", "remember_me"=>"0"}, "account"=>{"signup"=>"with_signup"}, "commit"=>"signin"}
Redirected to https://staging.myserver.de/authentication_customer_user_sessions
Completed 302 Found in 5ms
Started GET "/authentication_customer_user_sessions" for *********** at 2014-07-30 10:42:30 +0200
AbstractController::ActionNotFound (The action 'show' could not be found for Authentication::CustomerUserSessionsController):
在我的身份验证:: CustomerUserSession-Controller中,我使用
激活SSLprivate
def ssl_required?
return false if request.local? || RAILS_ENV == 'test' || RAILS_ENV == 'development'
true
end
那么我可以在我的Rails-App中做什么来避免这个问题而不停用此控制器的SSL?谢谢你的帮助!
我正在使用authlogic进行身份验证。
答案 0 :(得分:1)
好的,我解决了我的问题。解决方案是在登录表单中强制https。这是我的代码片段:
<%= form_for Authentication::CustomerUserSession.new, :as => :authentication_customer_user_session, :url => authentication_customer_user_sessions_url(:protocol => 'https') do |f| %>
或者更通用一点:
<%= form_for Authentication::CustomerUserSession.new, :as => :authentication_customer_user_session, :url => authentication_customer_user_sessions_url(:protocol => (Rails.env.production? || Rails.env.staging?) ? 'https' : 'http') do |f| %>