接受 headers of "*/*" 让设计变得疯狂
devise goes crazy with accept headers of "*/*"
作为 已验证 用户,如果我通过外部文本编辑器访问 url 到我的应用程序,mimetype 在控制台中显示为“*/* ”,设计似乎多次重定向到“/sign_in”。这是一个问题,因为如果我转到“/foo”,它最初存储在 session 中,作为身份验证后到 return 的路径。由于重定向的次数,这个值在 session 中消失了,在设计最终意识到用户已经登录后,它最终重定向到“/”。
为了测试,我添加到我的应用程序控制器:
def authenticate_user!
puts "***** AUTHENTICATE USER CALLED!!!"
super
end
所以,如果我直接在浏览器中输入 url,mimetype 显示为 HTML,它会立即看到我已通过身份验证,并且一切都按预期呈现:
Started GET "/products/171" for 127.0.0.1 at 2015-02-11 17:04:53 -0800
ActiveRecord::SchemaMigration Load (0.4ms) SELECT "schema_migrations".* FROM "schema_migrations"
Processing by LayoutsController#show as HTML
Parameters: {"id"=>"171"}
***** AUTHENTICATE USER CALLED!!!
User Load (0.9ms) SELECT "users".* FROM "users" WHERE "users"."id" = 7 ORDER BY "users"."id" ASC LIMIT 1
Rendered html template within layouts/application (0.1ms)
Completed 200 OK in 1165ms (Views: 1127.7ms | ActiveRecord: 3.0ms)
但是,当我在外部文本编辑器中单击 link 时,出现了这种疯狂的行为:
Started GET "/products/171" for 127.0.0.1 at 2015-02-11 17:09:43 -0800
Processing by LayoutsController#show as */*
Parameters: {"id"=>"171"}
***** AUTHENTICATE USER!!!
Completed 401 Unauthorized in 4ms
I18N keys: [:en, :devise, :failure, :user, :unauthenticated]
I18N keys: [:en, :devise, :failure, :unauthenticated]
=> You need to sign in or sign up before continuing.
Started GET "/sign_in" for 127.0.0.1 at 2015-02-11 17:09:43 -0800
Processing by Devise::SessionsController#new as */*
I18N keys: [:en, :sign_in, :submit_button]
=> Sign in
I18N keys: [:en, :sign_in, :disabled]
=> Your account has been disabled.
Rendered devise/sessions/new.html.haml within layouts/sign_in (6.8ms)
Started GET "/sign_in" for 127.0.0.1 at 2015-02-11 17:09:45 -0800
Processing by Devise::SessionsController#new as HTML
User Load (0.5ms) SELECT "users".* FROM "users" WHERE "users"."id" = 7 ORDER BY "users"."id" ASC LIMIT 1
I18N keys: [:en, :devise, :failure, :already_authenticated]
=> You are already signed in.
Redirected to http://localhost:3000/
Filter chain halted as :require_no_authentication rendered or redirected
Completed 302 Found in 5ms (ActiveRecord: 0.5ms)
Started GET "/" for 127.0.0.1 at 2015-02-11 17:09:45 -0800
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = 7 ORDER BY "users"."id" ASC LIMIT 1
Processing by LayoutsController#show as HTML
***** AUTHENTICATE USER!!!
Completed 200 OK in 244ms (Views: 178.8ms | ActiveRecord: 0.0ms)
注意“重定向到 http://localhost:3000/" rather than http://localhost:3000/products/171,这是应该发生的事情。
为什么 */* 会导致此行为,我该如何解决?
更新
显然问题是,直接从 Chrome 的 url 栏访问和单击 link 栏之间的 sessions 完全不同外部文本编辑器(即使文本编辑器只是在 chrome 中打开一个带有 url 的新选项卡):
在外部文本编辑器中单击 link 后来自 chrome:
request.cookies => {"_my_app_session"=>"f32dc5c239fadfc494a775990112f2b5"}
从直接将 url 放入 chrome:
request.cookies => {"_my_app_session"=>"91ac136666b78499ea6e071f89cec7ee"}
这怎么可能?这是同一个浏览器.. 我认为浏览器中的所有选项卡都具有相同的 session 并且您无法更改它吗?
我知道这里发生了什么...Microsoft Word 是有问题的 "external editor",显然它在将其启动到您的 OS 默认值之前会在内部访问 url浏览器。我猜他们在监视他们的用户,看看他们要去哪里,以及在发送到浏览器之前网站的响应是什么。这就是会话不同的原因...
作为 已验证 用户,如果我通过外部文本编辑器访问 url 到我的应用程序,mimetype 在控制台中显示为“*/* ”,设计似乎多次重定向到“/sign_in”。这是一个问题,因为如果我转到“/foo”,它最初存储在 session 中,作为身份验证后到 return 的路径。由于重定向的次数,这个值在 session 中消失了,在设计最终意识到用户已经登录后,它最终重定向到“/”。
为了测试,我添加到我的应用程序控制器:
def authenticate_user!
puts "***** AUTHENTICATE USER CALLED!!!"
super
end
所以,如果我直接在浏览器中输入 url,mimetype 显示为 HTML,它会立即看到我已通过身份验证,并且一切都按预期呈现:
Started GET "/products/171" for 127.0.0.1 at 2015-02-11 17:04:53 -0800
ActiveRecord::SchemaMigration Load (0.4ms) SELECT "schema_migrations".* FROM "schema_migrations"
Processing by LayoutsController#show as HTML
Parameters: {"id"=>"171"}
***** AUTHENTICATE USER CALLED!!!
User Load (0.9ms) SELECT "users".* FROM "users" WHERE "users"."id" = 7 ORDER BY "users"."id" ASC LIMIT 1
Rendered html template within layouts/application (0.1ms)
Completed 200 OK in 1165ms (Views: 1127.7ms | ActiveRecord: 3.0ms)
但是,当我在外部文本编辑器中单击 link 时,出现了这种疯狂的行为:
Started GET "/products/171" for 127.0.0.1 at 2015-02-11 17:09:43 -0800
Processing by LayoutsController#show as */*
Parameters: {"id"=>"171"}
***** AUTHENTICATE USER!!!
Completed 401 Unauthorized in 4ms
I18N keys: [:en, :devise, :failure, :user, :unauthenticated]
I18N keys: [:en, :devise, :failure, :unauthenticated]
=> You need to sign in or sign up before continuing.
Started GET "/sign_in" for 127.0.0.1 at 2015-02-11 17:09:43 -0800
Processing by Devise::SessionsController#new as */*
I18N keys: [:en, :sign_in, :submit_button]
=> Sign in
I18N keys: [:en, :sign_in, :disabled]
=> Your account has been disabled.
Rendered devise/sessions/new.html.haml within layouts/sign_in (6.8ms)
Started GET "/sign_in" for 127.0.0.1 at 2015-02-11 17:09:45 -0800
Processing by Devise::SessionsController#new as HTML
User Load (0.5ms) SELECT "users".* FROM "users" WHERE "users"."id" = 7 ORDER BY "users"."id" ASC LIMIT 1
I18N keys: [:en, :devise, :failure, :already_authenticated]
=> You are already signed in.
Redirected to http://localhost:3000/
Filter chain halted as :require_no_authentication rendered or redirected
Completed 302 Found in 5ms (ActiveRecord: 0.5ms)
Started GET "/" for 127.0.0.1 at 2015-02-11 17:09:45 -0800
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = 7 ORDER BY "users"."id" ASC LIMIT 1
Processing by LayoutsController#show as HTML
***** AUTHENTICATE USER!!!
Completed 200 OK in 244ms (Views: 178.8ms | ActiveRecord: 0.0ms)
注意“重定向到 http://localhost:3000/" rather than http://localhost:3000/products/171,这是应该发生的事情。
为什么 */* 会导致此行为,我该如何解决?
更新
显然问题是,直接从 Chrome 的 url 栏访问和单击 link 栏之间的 sessions 完全不同外部文本编辑器(即使文本编辑器只是在 chrome 中打开一个带有 url 的新选项卡):
在外部文本编辑器中单击 link 后来自 chrome:
request.cookies => {"_my_app_session"=>"f32dc5c239fadfc494a775990112f2b5"}
从直接将 url 放入 chrome:
request.cookies => {"_my_app_session"=>"91ac136666b78499ea6e071f89cec7ee"}
这怎么可能?这是同一个浏览器.. 我认为浏览器中的所有选项卡都具有相同的 session 并且您无法更改它吗?
我知道这里发生了什么...Microsoft Word 是有问题的 "external editor",显然它在将其启动到您的 OS 默认值之前会在内部访问 url浏览器。我猜他们在监视他们的用户,看看他们要去哪里,以及在发送到浏览器之前网站的响应是什么。这就是会话不同的原因...