在我的Rails 4应用程序中,我有一个before_action要求用户登录,如下所示: class ApplicationController ActionController::Base protect_from_forgery with: :exception before_action :require_login def require_login unless logge
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
before_action :require_login
def require_login
unless logged_in?
flash[:alert] = "You must be logged in to access this section."
redirect_to login_path
end
end
def logged_in?
# more logic
end
end
当我在没有登录的情况下访问example.com时,我会按预期重定向到example.com/login.但是,我在控制台中看到此错误:
The page at 'https://example.com/login' was loaded over HTTPS, but displayed insecure content from 'http://example.com/login': this content should also be loaded over HTTPS.
网络选项卡似乎表明我的redirect_to指向HTTP而不是HTTPS.当它到达HTTP时,它会自动重定向到HTTPS.
Request URL:http://example.com/login Request Method:GET Status Code:301 Moved Permanently # In the response headers: Location:https://example.com/login
有没有办法告诉redirect_to它应该使用HHTPS而不是HTTP,或者这是一个nginx配置?我认为使用login_path而不是login_url会解决问题,因为它应该是相对于基础的,但这似乎不起作用.
更新:
我还想过使用force_ssl,但担心我正在用锤子敲针.如果我弄错了,请随意纠正我.
使用#force_ssl:
class ApplicationController < ActionController::Base
force_ssl # use HTTPS for all actions
protect_from_forgery with: :exception
before_action :require_login
def require_login
unless logged_in?
flash[:alert] = "You must be logged in to access this section."
redirect_to login_path
end
end
def logged_in?
# more logic
end
end