HTTPS:在 Rails 会话存储配置中启用 secure 选项时未设置 Cookie?
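# Session-cookie settings. `secure: true` asks Rails to flag the session cookie
# Secure, which browsers then only send over HTTPS.
# `:true` (a Symbol) happens to be truthy, so it behaved like `true`, but the
# option is a boolean; use the boolean.
# Rails' cookie jar only writes a Secure cookie on a request it considers SSL,
# so behind nginx/Passenger terminating TLS the forwarded-proto header has to
# reach the app, otherwise the Set-Cookie is silently dropped — NOTE(review):
# inferred from the symptom, confirm against the proxy configuration.
Rails.application.config.session_store :active_record_store, key: '_test_key', secure: true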
当请求具有上述配置的rails应用程序时,浏览器接收以下响应标头:
Cache-Control:no-cache
Content-Type:text/html; charset=utf-8
Date:Fri, 10 Aug 2018 10:46:51 GMT
Location:https://xxxxx-xxxx.com/home
Server:nginx/1.12.2 + Phusion Passenger 5.2.3
Status:302 Found
Transfer-Encoding:chunked
X-Content-Type-Options:nosniff
X-Frame-Options:SAMEORIGIN
X-Powered-By:Phusion Passenger 5.2.3
X-Request-Id:xxxxxxxxxxxe5-7f1a2bb20b23
X-Runtime:1.191833
X-XSS-Protection:1; mode=block
问题是响应中缺少 Set-Cookie 标头;由于这是一个 302 重定向,该 Cookie 本应在下一个请求中随请求一起发回应用程序。
当我从配置中删除 secure 选项后,Cookie 便会被发送,响应如下:
Cache-Control:no-cache
Content-Type:text/html; charset=utf-8
Date:Fri, 10 Aug 2018 10:38:05 GMT
Location:https://xxxxxx-wspbx.com/home
Server:nginx/1.12.2 + Phusion Passenger 5.2.3
Set-Cookie:_test_key=06b1bd1397fa64af1eb9c9ed4d2e0b0b; path=/; HttpOnly
Status:302 Found
Transfer-Encoding:chunked
X-Content-Type-Options:nosniff
X-Frame-Options:SAMEORIGIN
X-Powered-By:Phusion Passenger 5.2.3
X-Request-Id:xxxxxxxxxxxxxxxxx7-58e1baab7dc8
X-Runtime:1.207210
X-XSS-Protection:1; mode=block
当为会话存储提供了 secure 选项时,为什么 Set-Cookie 不会发送到浏览器?
您现在可能已经明白了,但以防万一:
`secure: true` 表示 Cookie 只能通过加密的 HTTPS(SSL/TLS)连接发送,而您在本地很可能没有这种连接。
你可以这样做:
# Flag the session cookie Secure everywhere except development and test, where the
# app is normally served over plain http and a Secure cookie would never be sent.
Rails.application.config.session_store :active_record_store, key: '_test_key',
                                       secure: !%w[development test].include?(Rails.env)
只要生产环境使用 SSL,它就可以工作;您可能还需要在 production.rb 中添加:
config.force_ssl = true
我没有指定 secure: :true,而是通过下面这个猴子补丁解决了这个问题:
require 'rack/utils'
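module Rack
  module Utils
    # Monkey patch of Rack::Utils.set_cookie_header! (a copy of Rack's own
    # implementation) that forces the Secure attribute onto every cookie that
    # is written with an options Hash, whatever :secure the caller passed.
    #
    # NOTE(review): this works around the missing Set-Cookie rather than fixing
    # its cause. Rails' cookie jar only emits a cookie flagged :secure on a
    # request it considers SSL, so the symptom suggests the app does not see
    # the request as HTTPS (e.g. TLS terminated upstream without the forwarded
    # proto header reaching Rack) — confirm against the proxy config. With this
    # patch Rails never sees :secure, so that check is bypassed while other
    # HTTPS-dependent checks stay wrong, and any cookie served over plain http
    # carries Secure and is discarded by the browser. Overriding a Rack
    # internal must also be re-checked on every Rack upgrade.
    #
    # @param header [Hash] response headers; "Set-Cookie" is created or appended to
    # @param key [String] cookie name
    # @param value [Hash, String, Array] cookie value, or an options Hash with
    #   :value plus optional :domain, :path, :max_age, :expires, :httponly, :same_site
    # @return [nil]
    # @raise [ArgumentError] on an unrecognised :same_site value
    def self.set_cookie_header!(header, key, value)
      if value.is_a?(Hash)
        domain = "; domain=#{value[:domain]}" if value[:domain]
        path = "; path=#{value[:path]}" if value[:path]
        # Interpolation rather than String#+: an Integer :max_age made the
        # original raise TypeError.
        max_age = "; max-age=#{value[:max_age]}" if value[:max_age]
        expires = "; expires=#{rfc2822(value[:expires].clone.gmtime)}" if value[:expires]
        # Deliberate deviation from Rack: always Secure, value[:secure] is ignored.
        secure = "; secure"
        httponly = "; HttpOnly" if value[:httponly]
        same_site =
          case value[:same_site]
          when false, nil then nil
          when :none, 'None', :None then '; SameSite=None'
          when :lax, 'Lax', :Lax then '; SameSite=Lax'
          when true, :strict, 'Strict', :Strict then '; SameSite=Strict'
          else raise ArgumentError, "Invalid SameSite value: #{value[:same_site].inspect}"
          end
        value = value[:value]
      end
      # Bare (non-Hash) values are emitted as-is, without Secure, as in the original.
      values = value.is_a?(Array) ? value : [value]
      cookie = "#{escape(key)}=#{values.map { |v| escape(v) }.join('&')}" \
               "#{domain}#{path}#{max_age}#{expires}#{secure}#{httponly}#{same_site}"
      # Several cookies are joined with newlines, matching Rack's header convention.
      existing = header["Set-Cookie"]
      case existing
      when nil, ''
        header["Set-Cookie"] = cookie
      when String
        header["Set-Cookie"] = [existing, cookie].join("\n")
      when Array
        header["Set-Cookie"] = (existing + [cookie]).join("\n")
      end
      nil
    end
  end
end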
require 'rack/utils'
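module Rack
  module Utils
    # Monkey patch of Rack::Utils.set_cookie_header! (a copy of Rack's own
    # implementation) that forces the Secure attribute onto every cookie that
    # is written with an options Hash, whatever :secure the caller passed.
    #
    # NOTE(review): this works around the missing Set-Cookie rather than fixing
    # its cause. Rails' cookie jar only emits a cookie flagged :secure on a
    # request it considers SSL, so the symptom suggests the app does not see
    # the request as HTTPS (e.g. TLS terminated upstream without the forwarded
    # proto header reaching Rack) — confirm against the proxy config. With this
    # patch Rails never sees :secure, so that check is bypassed while other
    # HTTPS-dependent checks stay wrong, and any cookie served over plain http
    # carries Secure and is discarded by the browser. Overriding a Rack
    # internal must also be re-checked on every Rack upgrade.
    #
    # @param header [Hash] response headers; "Set-Cookie" is created or appended to
    # @param key [String] cookie name
    # @param value [Hash, String, Array] cookie value, or an options Hash with
    #   :value plus optional :domain, :path, :max_age, :expires, :httponly, :same_site
    # @return [nil]
    # @raise [ArgumentError] on an unrecognised :same_site value
    def self.set_cookie_header!(header, key, value)
      if value.is_a?(Hash)
        domain = "; domain=#{value[:domain]}" if value[:domain]
        path = "; path=#{value[:path]}" if value[:path]
        # Interpolation rather than String#+: an Integer :max_age made the
        # original raise TypeError.
        max_age = "; max-age=#{value[:max_age]}" if value[:max_age]
        expires = "; expires=#{rfc2822(value[:expires].clone.gmtime)}" if value[:expires]
        # Deliberate deviation from Rack: always Secure, value[:secure] is ignored.
        secure = "; secure"
        httponly = "; HttpOnly" if value[:httponly]
        same_site =
          case value[:same_site]
          when false, nil then nil
          when :none, 'None', :None then '; SameSite=None'
          when :lax, 'Lax', :Lax then '; SameSite=Lax'
          when true, :strict, 'Strict', :Strict then '; SameSite=Strict'
          else raise ArgumentError, "Invalid SameSite value: #{value[:same_site].inspect}"
          end
        value = value[:value]
      end
      # Bare (non-Hash) values are emitted as-is, without Secure, as in the original.
      values = value.is_a?(Array) ? value : [value]
      cookie = "#{escape(key)}=#{values.map { |v| escape(v) }.join('&')}" \
               "#{domain}#{path}#{max_age}#{expires}#{secure}#{httponly}#{same_site}"
      # Several cookies are joined with newlines, matching Rack's header convention.
      existing = header["Set-Cookie"]
      case existing
      when nil, ''
        header["Set-Cookie"] = cookie
      when String
        header["Set-Cookie"] = [existing, cookie].join("\n")
      when Array
        header["Set-Cookie"] = (existing + [cookie]).join("\n")
      end
      nil
    end
  end
end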