Devise无法登录Google Chrome
我正在使用Devise gem在Ruby on Rails Web应用程序上进行用户身份validation。 这个过程非常直接。
但是,在添加Nginx和ssl证书后,我可以在Mozilla Firefox中登录但无法登录Google Chrome的应用程序。 到目前为止,我能找到的唯一跟踪是我的环境日志文件中的这几行:
Processing by Devise::SessionsController#create as HTML Parameters: {"utf8"=>"✓", "authenticity_token"=>"==", "user"=>{"email"=>"email@test.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"LOG IN"} HTTP Origin header (https://) didn't match request.base_url (: https://:80) 我的Nginx配置为/
location / { proxy_pass http://127.0.0.1:3000; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_set_header X-Forwarded-Proto: $scheme; }
注意:如果我删除了proxy_set_header X-Forwarded-Proto: $scheme; 来自/etc/nginx/conf.d/ssl.conf日志文件中的错误更改为:
Processing by Devise::SessionsController#create as HTML Parameters: {"utf8"=>"✓", "authenticity_token"=>"==", "user"=>{"email"=>"email@test.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"LOG IN"} HTTP Origin header (https://) didn't match request.base_url (http://:3000)
有没有办法来解决这个问题?
我临时修改了actionpack gem。
在lib/action_controller/metal/request_forgery_protection.rb里面的actionpack gem目录我更新了:
def valid_request_origin? # :doc: if forgery_protection_origin_check # We accept blank origin headers because some user agents don't send it. request.origin.nil? || request.origin == request.base_url else true end end
成为:
def valid_request_origin? # :doc: if forgery_protection_origin_check # We accept blank origin headers because some user agents don't send it. request.origin.nil? || request.origin == request.base_url || request.base_url == ": https://:80" else true end end