Rails SSL Requirement 插件——在重定向到 https 之前,它不应该检查您是否处于生产模式吗?
不是吗?检查您是否处于生产模式? 我们在开发模式下看到重定向到 https,这看起来很奇怪。 或者这是插件的正常行为? 我认为它过去的表现有所不同。
Take a look at the ssl_requirement plugin.
Shouldn't it check to see if you're in production mode? We're seeing a redirect to https in development mode, which seems odd. Or is that the normal behavior for the plugin? I thought it behaved differently in the past.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
我猜他们认为您应该在开发模式下使用 HTTPS(也许带有自签名证书)。 如果这不是所需的行为,则没有什么可以阻止您自己在开发环境中使用特殊的 SSL 行为:
I guess they believe that you should probably be using HTTPS (perhaps with a self-signed certificate) in development mode. If that's not the desired behaviour, there's nothing stopping you from special casing SSL behaviour in the development environment yourself:
理想情况下,您应该测试您的应用程序在敏感阶段是否重定向到 https。
Ideally you should be testing that your application redirects to https during sensitive stages.
在开发环境中要求 SSL 没有多大意义。
您可以使用 Rails 内置的模拟工具来消除插件 ssl_required? 方法。
在应用程序根目录下创建一个文件 test/mocks/development/application.rb
这样,开发环境中就不再需要 SSL。
There isn't much point in requiring SSL in the development environment.
You can stub out the plugins ssl_required? method using Rails' built in mocking facilities.
Under your application root directory create a file test/mocks/development/application.rb
This way SSL is never required in the development environment.
实际上,通过 https 重定向是网络服务器的责任。 恕我直言,在 Rails 中为每个请求添加额外的请求哈希验证是一项开销。 我编写了 nginx config,其中包括以下重写:
rewrite ^(.*) https://$host$1永恒的;
actually, redirect over https is a webserver responsibility. Add extra request hash verification per each request into Rails is a overhead IMHO. I wrote nginx config, which include following rewrite:
rewrite ^(.*) https://$host$1 permanent;