Problem with the Rails ckeditor plugin and basic authentication
Using the rails-ckeditor and I'm getting a 401 exception anytime I try to upload an image using the "Browse Server" and then "Upload" buttons. I'm securing my site right now using simple basic authentication as such
    class ApplicationController < ActionController::Base
      protect_from_forgery
      before_filter :authenticate

      def logged_in?
        # cookies[:auth].present?
      end

      def authenticate
        # unless logged_in?
        authenticate_or_request_with_http_basic do |login, password|
          if(login == "user1" && password == "password")
            cookies.permanent.signed[:auth] = login
          end
        end
        # end
      end

      def current_church
        @current_church ||= Church.first
      end
    end
If I disable basic authentication everything works fine. Is there a remedy for this?
Thanks -wg
Comments (1)
Problem is with using SWFUpload (flash) to send up cookies.
This link got me looking in the right direction:
http://ruby-on-rails-development.co.uk/2011/05/23/securing-ckeditor-file-management
The solution is to follow the directions from that article with the following additions:
In the flash_session_cookie_middleware.rb file add
    env['HTTP_COOKIE'] = [ 'auth', params['auth'] ].join('=').freeze
In the base_helper.rb file (under /app/helpers/ckeditor) add the following:
    options['auth'] = Rack::Utils.escape(cookies[:auth])
The latest source for this gem handles session based tokens and the authenticity token already. This simple hack is only needed if you're going with a cookie based approach to managing your authentication ticket.