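Login modal using the default Rails ajax request does not work with subdomains

Time: 2015-10-16 06:57:00

Tags: ruby-on-rails ajax twitter-bootstrap ruby-on-rails-4 rubygems

I have a Devise User model.

To log in I am using a twitter-bootstrap modal. By default the modal is hidden, and it is shown only after the Rails default ajax request has been sent to the server.

It works on localhost and in production. But when the user is on a subdomain such as business.lvh.me:3000 (using acts_as_tenant), the modal window does not pop up and the ajax request fails.

I am sharing the session across all domains.

My SessionStore initializer.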

> Rails.application.config.session_store :active_record_store, :key =>
> '_my_app_session',domain: 'lvh.me'

Please find below the error.log as well.

  Rendered remote_content/_remote_sign_up.html.erb (78.8ms)
  Rendered remote_content/remote_sign_up.js.erb (86.2ms)
Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.
Completed 422 Unprocessable Entity in 100ms (Views: 96.1ms | ActiveRecord: 1.6ms)

ActionController::InvalidCrossOriginRequest - Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.:
  actionpack (4.2.4) lib/action_controller/metal/request_forgery_protection.rb:225:in `verify_same_origin_request'
  activesupport (4.2.4) lib/active_support/callbacks.rb:432:in `block in make_lambda'
  activesupport (4.2.4) lib/active_support/callbacks.rb:239:in `block in halting'
  activesupport (4.2.4) lib/active_support/callbacks.rb:506:in `block in call'
  activesupport (4.2.4) lib/active_support/callbacks.rb:506:in `call'
  activesupport (4.2.4) lib/active_support/callbacks.rb:92:in `__run_callbacks__'
  activesupport (4.2.4) lib/active_support/callbacks.rb:778:in `_run_process_action_callbacks'
  activesupport (4.2.4) lib/active_support/callbacks.rb:81:in `run_callbacks'
  actionpack (4.2.4) lib/abstract_controller/callbacks.rb:19:in `process_action'
  actionpack (4.2.4) lib/action_controller/metal/rescue.rb:29:in `process_action'
  actionpack (4.2.4) lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'
  activesupport (4.2.4) lib/active_support/notifications.rb:164:in `block in instrument'
  activesupport (4.2.4) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
  activesupport (4.2.4) lib/active_support/notifications.rb:164:in `instrument'
  actionpack (4.2.4) lib/action_controller/metal/instrumentation.rb:30:in `process_action'
  actionpack (4.2.4) lib/action_controller/metal/params_wrapper.rb:250:in `process_action'
  activerecord (4.2.4) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
  actionpack (4.2.4) lib/abstract_controller/base.rb:137:in `process'
  actionview (4.2.4) lib/action_view/rendering.rb:30:in `process'
  actionpack (4.2.4) lib/action_controller/metal.rb:196:in `dispatch'
  actionpack (4.2.4) lib/action_controller/metal/rack_delegation.rb:13:in `dispatch'
  actionpack (4.2.4) lib/action_controller/metal.rb:237:in `block in action'
  actionpack (4.2.4) lib/action_dispatch/routing/route_set.rb:76:in `dispatch'
  actionpack (4.2.4) lib/action_dispatch/routing/route_set.rb:45:in `serve'
  actionpack (4.2.4) lib/action_dispatch/journey/router.rb:43:in `block in serve'
  actionpack (4.2.4) lib/action_dispatch/journey/router.rb:30:in `serve'
  actionpack (4.2.4) lib/action_dispatch/routing/route_set.rb:821:in `call'
  warden (1.2.3) lib/warden/manager.rb:35:in `block in call'
  warden (1.2.3) lib/warden/manager.rb:34:in `call'
  rack (1.6.4) lib/rack/etag.rb:24:in `call'
  rack (1.6.4) lib/rack/conditionalget.rb:25:in `call'
  rack (1.6.4) lib/rack/head.rb:13:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/params_parser.rb:27:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/flash.rb:260:in `call'
  rack (1.6.4) lib/rack/session/abstract/id.rb:225:in `context'
  rack (1.6.4) lib/rack/session/abstract/id.rb:220:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/cookies.rb:560:in `call'
  activerecord (4.2.4) lib/active_record/query_cache.rb:36:in `call'
  activerecord (4.2.4) lib/active_record/connection_adapters/abstract/connection_pool.rb:653:in `call'
  activerecord (4.2.4) lib/active_record/migration.rb:377:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
  activesupport (4.2.4) lib/active_support/callbacks.rb:88:in `__run_callbacks__'
  activesupport (4.2.4) lib/active_support/callbacks.rb:778:in `_run_call_callbacks'
  activesupport (4.2.4) lib/active_support/callbacks.rb:81:in `run_callbacks'
  actionpack (4.2.4) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/reloader.rb:73:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
  better_errors (2.1.1) lib/better_errors/middleware.rb:84:in `protected_app_call'
  better_errors (2.1.1) lib/better_errors/middleware.rb:79:in `better_errors_call'
  better_errors (2.1.1) lib/better_errors/middleware.rb:57:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
  web-console (2.2.1) lib/web_console/middleware.rb:39:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
  railties (4.2.4) lib/rails/rack/logger.rb:38:in `call_app'
  railties (4.2.4) lib/rails/rack/logger.rb:20:in `block in call'
  activesupport (4.2.4) lib/active_support/tagged_logging.rb:68:in `block in tagged'
  activesupport (4.2.4) lib/active_support/tagged_logging.rb:26:in `tagged'
  activesupport (4.2.4) lib/active_support/tagged_logging.rb:68:in `tagged'
  railties (4.2.4) lib/rails/rack/logger.rb:20:in `call'
  request_store (1.2.0) lib/request_store/middleware.rb:8:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/request_id.rb:21:in `call'
  rack (1.6.4) lib/rack/methodoverride.rb:22:in `call'
  rack (1.6.4) lib/rack/runtime.rb:18:in `call'
  activesupport (4.2.4) lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
  rack (1.6.4) lib/rack/lock.rb:17:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/static.rb:116:in `call'
  rack (1.6.4) lib/rack/sendfile.rb:113:in `call'
  railties (4.2.4) lib/rails/engine.rb:518:in `call'
  railties (4.2.4) lib/rails/application.rb:165:in `call'
  rack (1.6.4) lib/rack/content_length.rb:15:in `call'
  puma (2.9.2) lib/puma/server.rb:490:in `handle_request'
  puma (2.9.2) lib/puma/server.rb:361:in `process_client'
  puma (2.9.2) lib/puma/server.rb:254:in `block in run'
  puma (2.9.2) lib/puma/thread_pool.rb:92:in `block in spawn_thread'

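2 answers:

Answer 0 (score: 1)

You have run into an issue with CORS (Cross Origin Request Source).

It is a standard specification intended to prevent malicious XML requests via JS. Simply put, it means you cannot send uninvited XML requests to other servers; they have to be permitted by that server's CORS policy.

Rack CORS

The important thing to note is that the CORS specification extends to subdomains (it treats a subdomain as completely different from the domain).

This means you have to explicitly allow your subdomain in the CORS policy on your server. You can do this through the web server (e.g. Nginx, Apache) or through the Rack middleware stack.

For Rails, there is a very, very good gem for handling CORS, called Rack-CORS...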

#Gemfile
gem "rack-cors"

#config/application.rb
module YourApp
  class Application < Rails::Application

    # ...

    config.middleware.insert_before 0, "Rack::Cors" do
      allow do
        origins '*'
        resource '/*',
          :headers => :any,
          :methods => [:get, :post, :options],
          :if => proc { |env| env['HTTP_HOST'] == 'api.example.com' }
      end
    end

  end
end

-

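Because you are sending the AJAX request across a subdomain, your server is treating it as two completely separate domains trying to access each other with Ajax.

Of course, we know this is not the case, but CORS doesn't.

So, if you want to fix it, you should apply the code above with your own HTTP_HOST subdomain.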
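
The answer says the subdomain must be explicitly allowed in the CORS policy. As an added example (not the answerer's code and not part of rack-cors), here is an anchored origin pattern limited to `lvh.me` and its subdomains, checked against look-alike values; `TENANT_ORIGIN`, `tenant_origin?` and the sample origins are constructed for illustration.

```ruby
# Added example, not part of the answer. Pure Ruby, no gems needed.
# TENANT_ORIGIN and tenant_origin? are hypothetical names; lvh.me and
# port 3000 come from the question. rack-cors accepts a Regexp in
# `origins`, so a pattern like this can stand in for '*'.
TENANT_ORIGIN = %r{\Ahttps?://(?:[a-z0-9-]+\.)*lvh\.me(?::\d{1,5})?\z}i

# True only for lvh.me itself or one of its subdomains.
# \A and \z anchor the whole string; in Ruby ^ and $ match per line,
# so a value with an embedded newline could slip past them.
def tenant_origin?(origin)
  origin.is_a?(String) && TENANT_ORIGIN.match?(origin)
end

# Constructed Origin header values for illustration.
SAMPLE_ORIGINS = [
  "http://business.lvh.me:3000",        # tenant subdomain from the question
  "http://lvh.me:3000",                 # apex domain
  "https://www.lvh.me",                 # www subdomain
  "http://evillvh.me",                  # look-alike suffix, no dot boundary
  "http://lvh.me.evil.example",         # allowed name used as a prefix
  "http://evil.example\nhttp://lvh.me"  # newline smuggling against ^/$
].freeze

# Pairs each origin with the allow/reject decision.
def classify(origins)
  origins.map { |o| [o, tenant_origin?(o)] }
end

if __FILE__ == $PROGRAM_NAME
  classify(SAMPLE_ORIGINS).each do |origin, ok|
    puts format("%-7s %s", ok ? "allow" : "reject", origin.inspect)
  end
end
```
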

Answer 1 (score: 0)

I solved this issue by using
<%= link_to "login", remote_login_url, :remote => true%>

instead of

<%= link_to('login', remote_login_url(:subdomain => 'www')),:remote => true  %>  

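And I changed the default after sign up and sign in paths in the Devise registrations and sessions controllers.

As Rich suggested, using Rack-CORS will be helpful in these situations when dealing with ajax and subdomains.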
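
The check named in the question's stack trace (`verify_same_origin_request`), modelled in plain Ruby as an added example that is neither Rails source nor the posters' code: a GET whose response is JavaScript is rejected unless the request carries `X-Requested-With: XMLHttpRequest`. The `Request` struct, method names and sample requests are constructed, and it is an assumption here that the cross-subdomain `remote: true` link arrives without that header while the same-origin link arrives with it.

```ruby
# Added example: simplified model of the Rails 4.2 same-origin check for
# JavaScript responses. All names below are hypothetical, not Rails API.
Request = Struct.new(:method, :headers)

class InvalidCrossOriginRequest < StandardError; end

# Mirrors the usual XHR test: the X-Requested-With header marks an ajax call.
def xhr?(req)
  req.headers.fetch("X-Requested-With", "").match?(/XMLHttpRequest/i)
end

# Raises when a non-XHR GET would be answered with a JavaScript body,
# which is what a <script src=...> tag on another origin looks like.
def verify_same_origin!(req, response_content_type)
  javascript = response_content_type.to_s.start_with?("text/javascript")
  if req.method == "GET" && javascript && !xhr?(req)
    raise InvalidCrossOriginRequest, "non-XHR GET requested protected JavaScript"
  end
  true
end

# Maps the check onto the status code seen in the question's log.
def outcome(req, response_content_type)
  verify_same_origin!(req, response_content_type) && 200
rescue InvalidCrossOriginRequest
  422
end

# Constructed requests for illustration.
SAME_ORIGIN_XHR = Request.new("GET", { "X-Requested-With" => "XMLHttpRequest" })
SCRIPT_TAG_GET  = Request.new("GET", {})   # no ajax header, as with a <script> tag
FORM_POST       = Request.new("POST", {})  # POSTs are covered by the CSRF token instead

if __FILE__ == $PROGRAM_NAME
  puts outcome(SAME_ORIGIN_XHR, "text/javascript; charset=utf-8")
  puts outcome(SCRIPT_TAG_GET, "text/javascript; charset=utf-8")
  puts outcome(SCRIPT_TAG_GET, "text/html")
end
```
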