ruby-on-rails – 设计:无法验证服务器上启用HTTPS的CSRF令牌真实性(无JSON / API)
作者:互联网
我正在建立一个Rails博客.我正在使用Rails 5和Devise 4.2.0.该应用程序使用Nginx和Puma在Ubuntu Server上运行,并与Capistrano一起部署.在Nginx上启用HTTPS(使用有效的SSL证书)并在HTTP中添加301重定向格式之前,所有内容都非常适用于生产.
我检查了生产日志,日志中的真实性密钥与我在浏览器中看到的密钥不匹配.
这是我正在使用的nginx.conf文件:
upstream puma {
server unix:///home/deploy/apps/example-blog/shared/tmp/sockets/example-blog-puma.sock;
}
server { # Redirect HTTP to HTTPS
# Bind port(s)
listen 80;
listen [::]:80;
# Bind domain(s)
server_name blog.example.com;
# 301 redirect to HTTPS
return 301 https://$server_name$request_uri;
}
server { # Primary server block
# Bind port(s)
listen 443 default_server ssl;
# Bind domain(s)
server_name blog.example.com;
# Bind certificate(s)
ssl_certificate /etc/nginx/ssl/blog.example.com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/blog.example.com/blog.example.com.key;
root /home/deploy/apps/example-blog/current/public;
access_log /home/deploy/apps/example-blog/current/log/nginx.access.log;
error_log /home/deploy/apps/example-blog/current/log/nginx.error.log info;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
}
try_files $uri/index.html $uri @puma;
location @puma {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://puma;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 10M;
keepalive_timeout 10;
}
有谁知道这里会发生什么?
如果您需要更多信息,请与我们联系.
谢谢
解决方法:
添加了proxy_set_header X-Forwarded-Proto $scheme;到了@puma的位置.
标签:csrf-protection,ruby-on-rails,nginx,ssl,devise 来源: https://codeday.me/bug/20190828/1756646.html