1
在一个Rails 3.0的应用程序,我有许多方法,像这样的一个控制器,为什么redirect_to _path提供HTTP而不是HTTPS url?
class ReviewsController
# POST "/reviews/new_submit_form"
def new_submit_for
# some logic
redirect_to new_subject_reviews_url(:format => "js")
end
end
** terminal output **
Started POST "/reviews/new_submit_form" for 127.0.0.1 at 2012-07-06 11:40:00 -0400
Processing by ReviewsController#new_submit_form as
Parameters: {"question_sheet_id"=>"23"}
Existing local CAS session detected for "[email protected]". Previous ticket "XX-1111-CjtSMaVpmiqBPsBoufke-plidma41" will be re-used.
Redirected to http://website.org/reviews/new_subject.js
Completed 302 Found in 1ms
的问题是redirect_to new_subject_reviews_url(:format => "js")
回报HTTP URL,而不是HTTPS URL。
我发现了一个解决方案,redirect_to new_subject_reviews_url(:format => "js", :protoco => "https://")
,但这需要我通过Rails应用程序编辑该方法。如何在Rails应用程序中全局修复此问题,而不会大幅度黑客攻击Rails?
要澄清一下,首先是通过HTTPS加载此页面吗? – Gareth 2012-07-06 16:51:09
是的,页面首先通过HTTP加载。也许比需要更多的信息,但用户首先通过CAS认证,然后通过HTTPS传送到主页。 – westonplatter 2012-07-06 16:59:56