Rails & 设计使用 POST 请求退出。如何将其更改为 DELETE 请求?
Rails & Devise using POST request for sign out. How can I change this to a DELETE request?
我正在使用 Rails 6.0.3.4、Devise 4.7.3 进行身份验证并在 Google Chrome 上测试我的应用程序。我使用 Docker 和 Docker Compose 将应用程序容器化,我使用 PostgreSQL 作为数据库,使用 ElasticSearch 进行搜索,使用 NGINX 作为 Web 服务器。
我可以成功登录。但是,当我尝试通过单击注销按钮注销时,它不会注销,只会重定向到主页。
<%= link_to "Log Out", destroy_user_session_path, method: :delete, :class => 'nav-link' %>
NGINX 服务器在尝试注销时显示 POST 请求而不是 DELETE 请求,我不确定为什么会这样。
37.228.235.151 - - [23/Jan/2021:19:50:12 +0000] "POST /users/sign_out HTTP/1.1" 302 97 "https://myapp.ie/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36" "-"
当我 运行 搜索路由时,它显示 destroy_user_session 为:
destroy_user_session DELETE /users/sign_out(.:format) devise/sessions#destroy
我的 devise.rb 初始化程序有:
config.sign_out_via = :delete
我的 Devise 控制器都是标准的(我没有编辑它们)。
这是我的应用程序控制器
class ApplicationController < ActionController::Base
protect_from_forgery prepend: true
# To enable sign in to function correctly.
skip_before_action :verify_authenticity_token, :only => :create
before_action :configure_permitted_parameters, if: :devise_controller?
def index
end
protected
# Restrict parameters for sign up input.
def configure_permitted_parameters
added_attrs = [:first_name, :last_name, :email, :encrypted_password, :password_confirmation, :remember_me]
devise_parameter_sanitizer.permit(:sign_up, keys: added_attrs)
devise_parameter_sanitizer.permit(:account_update, keys: added_attrs)
devise_parameter_sanitizer.permit(:sign_in, keys: added_attrs)
end
end
这是我的 Application.html.erb
<!DOCTYPE html>
<html>
<head>
<title>MyApp</title>
<link rel="manifest" href="/manifest.webmanifest" crossorigin="use-credentials">
<link rel="apple-touch-icon" href="/apple-touch-icon.png">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ff8a00">
<meta name="msapplication-navbutton--color" content="#ff8a00">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="default">
<%= csrf_meta_tags %>
<%= csp_meta_tag %>
<%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track': 'reload' %>
<%= javascript_pack_tag 'application', 'data-turbolinks-track': 'reload' %>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
<link href="https://fonts.googleapis.com/css?family=Text+Me+One&display=swap" rel="stylesheet">
</head>
<body id="<%= controller.controller_name %>" class="<%= controller.action_name %> <%= "show-sidebar" if @show_sidebar.present? %>">
<div class="wrapper">
<% if @show_sidebar.nil? %>
<header>
<%= render "layouts/nav/public" %>
</header>
<%= yield %>
<% else %>
<%= render "layouts/nav/dashboard" %>
<div class="container-fluid">
<div class="row">
<%= render "layouts/nav/sidebar" %>
<main role="main" class="col-md-9 ml-sm-auto col-lg-10 px-md-4 mt-4">
<%= yield %>
</main>
</div>
</div>
<% end %>
<div class="push"></div>
</div>
<%= render "layouts/footer" %>
<div id="notifications"><%= notice %></div>
<!-- PWA Step 1 - Registration -->
<script type="text/javascript">
if ('serviceWorker' in navigator) {
window.addEventListener('load', function() {
navigator.serviceWorker.register('/service-worker.js').then(function(registration) {
// Registration was successful
console.log('ServiceWorker registration successful with scope: ', registration.scope);
}, function(err) {
// registration failed :(
console.log('ServiceWorker registration failed: ', err);
});
});
}
</script>
<script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/feather-icons/4.9.0/feather.min.js"></script>
<script>feather.replace()</script>
<%= javascript_pack_tag "counter" %>
</body>
</html>
这是显示登录/注销的视图部分 link。
<ul class="navbar-nav mr-auto" id="right-nav-menu">
<li class="nav-item">
<% if notice %>
<p class="nav-link"><%= notice %></p>
<% end %>
<% if alert %>
<p class="nav-link"><%= alert %></p>
<% end %>
</li>
<li class="nav-item">
<% if user_signed_in? %>
<strong class="nav-link"><p><%= current_user.first_name %> <%= current_user.last_name %></p></strong>
<% end %>
</li>
<% if user_signed_in? %>
<li class="nav-item">
<strong><%= link_to 'Edit Profile', edit_user_registration_path, :class => 'nav-link' %></strong>
</li>
<li class="nav-item">
<strong><%= link_to "Log Out", destroy_user_session_path, method: :delete, :class => 'nav-link' %></strong>
</li>
<% else %>
<li class="nav-item">
<strong><%= link_to "Log In", new_user_session_path, :class => 'nav-link' %></strong>
</li>
<li class="nav-item">
<strong><%= link_to "Sign Up", new_user_registration_path, :class => 'nav-link' %></strong>
</li>
<% end %>
</ul>
感谢任何帮助。
在您的 initializer/devise.rb 中,尝试将 delete 替换为 get on config.sign_out_via = :删除
我了解 Rails 在将 link_to 与 method: :delete 一起使用时不会执行真正的 DELETE 请求。在此处查看 rails-ujs 代码:https://github.com/rails/rails/commit/ad3a47759e67a411f3534309cdd704f12f6930a7#diff-d9f2caa2a91064bb77ada650abdc7085044dffb4e4e35715e8ac64b1c72a0d69R16-R25
它使用方法 POST 和一个隐藏字段 _method 创建了一个表单。 Nginx 将看到 POST 请求,但 rails 知道如何将其读取为 DELETE 请求。
您在 Rails 日志中看到了什么?您在控制台中收到请求日志了吗?
TLDR;别担心。完全没问题。
HTML表单只能发送GET and POST requests. When you use link_to ... method: :delete with Rails UJS or just plain old forms with button_to ... method: :delete a POST request is used. While modern browsers will let you send DELETE and PATCH requests with XHR requests this does not apply to Rails UJS as the data-method handler实际上创建了一个隐藏的表单元素并提交
Rack (the Ruby CGI that Rails is built on top of) gets around this limitation by using a special parameter called _method which will make POST requests appear to be DELETE, PUT, PATCH etc. You might have noticed that strange hidden input in the output ofform_for/form_with. You can also use the HTTP_X_HTTP_METHOD_OVERRIDE header. See Rack::MethodOverride 这是在请求到达您的 Rails 应用程序之前转换请求的中间件。
当然,NGINX 对 Rack 的恶作剧一无所知,它的日志只会将其显示为常规 POST 请求。如果您使用浏览器中的检查器检查流量,同样适用。
但是,如果您检查 Rails 日志,您可以看到当请求从中间件堆栈向下到达您的 Rails 应用程序时,Rails 会认为这是一个 DELETE 请求一直以来。
我正在使用 Rails 6.0.3.4、Devise 4.7.3 进行身份验证并在 Google Chrome 上测试我的应用程序。我使用 Docker 和 Docker Compose 将应用程序容器化,我使用 PostgreSQL 作为数据库,使用 ElasticSearch 进行搜索,使用 NGINX 作为 Web 服务器。
我可以成功登录。但是,当我尝试通过单击注销按钮注销时,它不会注销,只会重定向到主页。
<%= link_to "Log Out", destroy_user_session_path, method: :delete, :class => 'nav-link' %>
NGINX 服务器在尝试注销时显示 POST 请求而不是 DELETE 请求,我不确定为什么会这样。
37.228.235.151 - - [23/Jan/2021:19:50:12 +0000] "POST /users/sign_out HTTP/1.1" 302 97 "https://myapp.ie/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36" "-"
当我 运行 搜索路由时,它显示 destroy_user_session 为:
destroy_user_session DELETE /users/sign_out(.:format) devise/sessions#destroy
我的 devise.rb 初始化程序有:
config.sign_out_via = :delete
我的 Devise 控制器都是标准的(我没有编辑它们)。
这是我的应用程序控制器
class ApplicationController < ActionController::Base
protect_from_forgery prepend: true
# To enable sign in to function correctly.
skip_before_action :verify_authenticity_token, :only => :create
before_action :configure_permitted_parameters, if: :devise_controller?
def index
end
protected
# Restrict parameters for sign up input.
def configure_permitted_parameters
added_attrs = [:first_name, :last_name, :email, :encrypted_password, :password_confirmation, :remember_me]
devise_parameter_sanitizer.permit(:sign_up, keys: added_attrs)
devise_parameter_sanitizer.permit(:account_update, keys: added_attrs)
devise_parameter_sanitizer.permit(:sign_in, keys: added_attrs)
end
end
这是我的 Application.html.erb
<!DOCTYPE html>
<html>
<head>
<title>MyApp</title>
<link rel="manifest" href="/manifest.webmanifest" crossorigin="use-credentials">
<link rel="apple-touch-icon" href="/apple-touch-icon.png">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ff8a00">
<meta name="msapplication-navbutton--color" content="#ff8a00">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="default">
<%= csrf_meta_tags %>
<%= csp_meta_tag %>
<%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track': 'reload' %>
<%= javascript_pack_tag 'application', 'data-turbolinks-track': 'reload' %>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
<link href="https://fonts.googleapis.com/css?family=Text+Me+One&display=swap" rel="stylesheet">
</head>
<body id="<%= controller.controller_name %>" class="<%= controller.action_name %> <%= "show-sidebar" if @show_sidebar.present? %>">
<div class="wrapper">
<% if @show_sidebar.nil? %>
<header>
<%= render "layouts/nav/public" %>
</header>
<%= yield %>
<% else %>
<%= render "layouts/nav/dashboard" %>
<div class="container-fluid">
<div class="row">
<%= render "layouts/nav/sidebar" %>
<main role="main" class="col-md-9 ml-sm-auto col-lg-10 px-md-4 mt-4">
<%= yield %>
</main>
</div>
</div>
<% end %>
<div class="push"></div>
</div>
<%= render "layouts/footer" %>
<div id="notifications"><%= notice %></div>
<!-- PWA Step 1 - Registration -->
<script type="text/javascript">
if ('serviceWorker' in navigator) {
window.addEventListener('load', function() {
navigator.serviceWorker.register('/service-worker.js').then(function(registration) {
// Registration was successful
console.log('ServiceWorker registration successful with scope: ', registration.scope);
}, function(err) {
// registration failed :(
console.log('ServiceWorker registration failed: ', err);
});
});
}
</script>
<script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/feather-icons/4.9.0/feather.min.js"></script>
<script>feather.replace()</script>
<%= javascript_pack_tag "counter" %>
</body>
</html>
这是显示登录/注销的视图部分 link。
<ul class="navbar-nav mr-auto" id="right-nav-menu">
<li class="nav-item">
<% if notice %>
<p class="nav-link"><%= notice %></p>
<% end %>
<% if alert %>
<p class="nav-link"><%= alert %></p>
<% end %>
</li>
<li class="nav-item">
<% if user_signed_in? %>
<strong class="nav-link"><p><%= current_user.first_name %> <%= current_user.last_name %></p></strong>
<% end %>
</li>
<% if user_signed_in? %>
<li class="nav-item">
<strong><%= link_to 'Edit Profile', edit_user_registration_path, :class => 'nav-link' %></strong>
</li>
<li class="nav-item">
<strong><%= link_to "Log Out", destroy_user_session_path, method: :delete, :class => 'nav-link' %></strong>
</li>
<% else %>
<li class="nav-item">
<strong><%= link_to "Log In", new_user_session_path, :class => 'nav-link' %></strong>
</li>
<li class="nav-item">
<strong><%= link_to "Sign Up", new_user_registration_path, :class => 'nav-link' %></strong>
</li>
<% end %>
</ul>
感谢任何帮助。
在您的 initializer/devise.rb 中,尝试将 delete 替换为 get on config.sign_out_via = :删除
我了解 Rails 在将 link_to 与 method: :delete 一起使用时不会执行真正的 DELETE 请求。在此处查看 rails-ujs 代码:https://github.com/rails/rails/commit/ad3a47759e67a411f3534309cdd704f12f6930a7#diff-d9f2caa2a91064bb77ada650abdc7085044dffb4e4e35715e8ac64b1c72a0d69R16-R25
它使用方法 POST 和一个隐藏字段 _method 创建了一个表单。 Nginx 将看到 POST 请求,但 rails 知道如何将其读取为 DELETE 请求。
您在 Rails 日志中看到了什么?您在控制台中收到请求日志了吗?
TLDR;别担心。完全没问题。
HTML表单只能发送GET and POST requests. When you use link_to ... method: :delete with Rails UJS or just plain old forms with button_to ... method: :delete a POST request is used. While modern browsers will let you send DELETE and PATCH requests with XHR requests this does not apply to Rails UJS as the data-method handler实际上创建了一个隐藏的表单元素并提交
Rack (the Ruby CGI that Rails is built on top of) gets around this limitation by using a special parameter called _method which will make POST requests appear to be DELETE, PUT, PATCH etc. You might have noticed that strange hidden input in the output ofform_for/form_with. You can also use the HTTP_X_HTTP_METHOD_OVERRIDE header. See Rack::MethodOverride 这是在请求到达您的 Rails 应用程序之前转换请求的中间件。
当然,NGINX 对 Rack 的恶作剧一无所知,它的日志只会将其显示为常规 POST 请求。如果您使用浏览器中的检查器检查流量,同样适用。
但是,如果您检查 Rails 日志,您可以看到当请求从中间件堆栈向下到达您的 Rails 应用程序时,Rails 会认为这是一个 DELETE 请求一直以来。