从 chrome 扩展程序向 Rails 应用程序发送 /oauth/authorize 请求时,来自 https:// 的正斜杠被删除了吗?
A forward slash from https:// is being removed when sending a /oauth/authorize request to a Rails app from a chrome extension?
我正在从 Chrome 扩展程序向托管在 Heroku 上的 Rails 应用程序发出 launchWebAuthFlow 授权代码请求。 Doorkeeper 是 Rails 的 OAuth 包装器,它正在处理我的请求。更具体地说,Doorkeeper::AuthorizationsController#new 将请求处理为 HTML(为什么 HTML?)。
URL 编码的 redirect_uri 和 rails 参数中显示的 redirect_uri 都缺少正斜杠 (/)。 url 在 chrome 扩展方面是正确的(除非 launchWebAuthFlow 内置函数正在对其执行某些操作),所以我认为服务器上发生了一些事情。
它在开发中有效,所以我认为扩展没有任何问题。该应用程序托管在 Heroku 上。
知道这里可能出了什么问题吗?
基于此 link,Apache 拒绝路径部分中所有带有 %2F 的 URL,出于安全原因:脚本无法正常(即不重写)告诉由于 PATH_INFO 环境变量被自动 URL 解码,%2F 和 / 之间的差异。
You can turn this feature off using the AllowEncodedSlashes directive, but note that other web servers will still disallow it (with no option to turn that off), and that other characters may also be taboo (eg. %5C), and that %00 in particular will always be blocked by both Apache and IIS. So if your application relied on being able to have %2F or other characters in a path part you'd be limiting your compatibility/deployment options.
You should use rawurlencode(), not urlencode() for escaping path parts. urlencode() is misnamed, it is actually for application/x-www-form-urlencoded data such as in the query string or the body of a POST request, and not for other parts of the URL.
The difference is that + doesn't mean space in path parts. rawurlencode() will correctly produce %20 instead, which will work both in form-encoded data and other parts of the URL.
希望对您有所帮助!
我正在从 Chrome 扩展程序向托管在 Heroku 上的 Rails 应用程序发出 launchWebAuthFlow 授权代码请求。 Doorkeeper 是 Rails 的 OAuth 包装器,它正在处理我的请求。更具体地说,Doorkeeper::AuthorizationsController#new 将请求处理为 HTML(为什么 HTML?)。
URL 编码的 redirect_uri 和 rails 参数中显示的 redirect_uri 都缺少正斜杠 (/)。 url 在 chrome 扩展方面是正确的(除非 launchWebAuthFlow 内置函数正在对其执行某些操作),所以我认为服务器上发生了一些事情。
它在开发中有效,所以我认为扩展没有任何问题。该应用程序托管在 Heroku 上。
知道这里可能出了什么问题吗?
基于此 link,Apache 拒绝路径部分中所有带有 %2F 的 URL,出于安全原因:脚本无法正常(即不重写)告诉由于 PATH_INFO 环境变量被自动 URL 解码,%2F 和 / 之间的差异。
You can turn this feature off using the
AllowEncodedSlashesdirective, but note that other web servers will still disallow it (with no option to turn that off), and that other characters may also be taboo (eg.%5C), and that%00in particular will always be blocked by both Apache and IIS. So if your application relied on being able to have%2For other characters in a path part you'd be limiting your compatibility/deployment options.You should use
rawurlencode(), noturlencode()for escaping path parts.urlencode()is misnamed, it is actually forapplication/x-www-form-urlencodeddata such as in the query string or the body of a POST request, and not for other parts of the URL.The difference is that
+doesn't mean space in path parts.rawurlencode()will correctly produce%20instead, which will work both in form-encoded data and other parts of the URL.
希望对您有所帮助!