在我的Rails 4应用程序中,我有一个before_action要求用户登录,如下所示: class ApplicationController ActionController::Base protect_from_forgery with: :exception before_action :require_login def require_login unless logge
class ApplicationController < ActionController::Base protect_from_forgery with: :exception before_action :require_login def require_login unless logged_in? flash[:alert] = "You must be logged in to access this section." redirect_to login_path end end def logged_in? # more logic end end
当我在没有登录的情况下访问example.com时,我会按预期重定向到example.com/login.但是,我在控制台中看到此错误:
The page at 'https://example.com/login' was loaded over HTTPS, but displayed insecure content from 'http://example.com/login': this content should also be loaded over HTTPS.
网络选项卡似乎表明我的redirect_to指向HTTP而不是HTTPS.当它到达HTTP时,它会自动重定向到HTTPS.
Request URL:http://example.com/login Request Method:GET Status Code:301 Moved Permanently # In the response headers: Location:https://example.com/login
有没有办法告诉redirect_to它应该使用HHTPS而不是HTTP,或者这是一个nginx配置?我认为使用login_path而不是login_url会解决问题,因为它应该是相对于基础的,但这似乎不起作用.
更新:
我还想过使用force_ssl,但担心我正在用锤子敲针.如果我弄错了,请随意纠正我.
使用#force_ssl
:
class ApplicationController < ActionController::Base force_ssl # use HTTPS for all actions protect_from_forgery with: :exception before_action :require_login def require_login unless logged_in? flash[:alert] = "You must be logged in to access this section." redirect_to login_path end end def logged_in? # more logic end end