0
我有一個Rails應用程序,如果用戶鍵入一個不存在的url,我將重定向到一個404頁面。我這樣做是因爲我的日誌顯示有人試圖在我的編碼中找到漏洞來攻擊網站。不幸的是,強制重定向的代碼影響了我無法將個人訂閱到列表的應用程序。這是我的application_controller.rb文件。Rails 404影響控制器動作的重定向方法
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
before_filter :verified_request?
$attack_attempts = 0
rescue_from ActiveRecord::RecordNotFound, with: :not_found
rescue_from Exception, with: :not_found
rescue_from ActionController::RoutingError, with: :not_found
def verified_request?
if request.content_type == "application/json"
true
else
super()
end
end
def raise_not_found
raise ActionController::RoutingError.new("No route matches # {params[:unmatched_route]}")
end
private
def not_found
$attack_attempts+=1
if($attack_attempts >=5)
flash[:alert] = ' Your attempt to hack this website has been recorded. Stop doing this, or else you would be fined. You wont like it.'
end
respond_to do |format|
format.html { render :file => "#{Rails.root}/public/404", :layout => false, :status => :not_found }
format.xml { head :not_found }
format.any { head :not_found }
end
end
def error
respond_to do |format|
format.html { render :file => "#{Rails.root}/public/500", :layout => false, :status => :error }
format.xml { head :not_found }
format.any { head :not_found }
end
end
end
我有這行代碼在我的routes.rb文件:
get '*unmatched_route', to: 'application#raise_not_found'
然後這是我的殼給我的輸出:
Started POST "/subscribe" for ::1 at 2015-11-13 16:10:52 -0700
Started POST "/subscribe" for ::1 at 2015-11-13 16:10:52 -0700
Processing by OpenhwyController#subscribe as HTML
Processing by OpenhwyController#subscribe as HTML
Parameters: {"authenticity_token"=>"pE3nXohfktO/oyHH7d0C/5Z3REHPgjuJuFTTMxdmv1Dzx+jE5hBfR1b0S0PDec+OORbQA29yEvzJTw3J8zgOAg==", "first_name"=>"wfrwfrw", "last_name"=>"fwrfwfw", "email"=>"wrwfwfr"}
Parameters: {"authenticity_token"=>"pE3nXohfktO/oyHH7d0C/5Z3REHPgjuJuFTTMxdmv1Dzx+jE5hBfR1b0S0PDec+OORbQA29yEvzJTw3J8zgOAg==", "first_name"=>"wfrwfrw", "last_name"=>"fwrfwfw", "email"=>"wrwfwfr"}
Rendered public/404.html.erb (0.7ms)
Rendered public/404.html.erb (0.7ms)
Completed 404 Not Found in 7ms (Views: 4.9ms | ActiveRecord: 0.0ms)
Completed 404 Not Found in 7ms (Views: 4.9ms | ActiveRecord: 0.0ms)
source=rack-timeout id=eded6b111d5138a15736722031037e4c timeout=15000ms service=14ms state=completed
source=rack-timeout id=eded6b111d5138a15736722031037e4c timeout=15000ms service=14ms state=completed
更多參考爲了不執行這個動作:
def subscribe
begin
gb = Gibbon::Request.new
list_id = "********" list id hidden for security sake.
subscribe = gb.lists(list_id).members.create(body: {email_address: params[:email], status: "subscribed", merge_fields: {FNAME: params[:first_name], LNAME: params[:last_name]}})
if subscribe
redirect_to :back, notice: " Congrats You'll be notified as soon as we go live!!"
end
rescue Gibbon::MailChimpError => e
redirect_to :back, alert: " Please fill out all fields with the required info to subscribe, emails in this format:[email protected]'sdomain"
end
end
正如@jvnill所問。我加入的routes.rb文件:
Rails.application.routes.draw do
root 'openhwy#coming_soon'
post 'subscribe', to: 'openhwy#subscribe'
get 'about_us', to: 'openhwy#about_us'
get 'pricing_page', to: 'openhwy#pricing_page'
get 'contact/send_contact_request'
post 'contact', to: 'openhwy#contact'
get '*unmatched_route', to: 'application#raise_not_found'
end
答:
感謝@jvnill和@marek的貢獻。錯誤與此行有關:
rescue_from Exception, with: :not_found
這迫使404頁面出現錯誤,即使它不是與操作有關的錯誤。
做你把所有的路線放到路線文件的底部? – jvnill
是的,我做到了。我會更新與路線文件的問題。 @jvnill – mrtorks
啊我的不好。從日誌中,請求不會通過捕獲所有路由。它仍然會進入「訂閱」動作。我認爲問題出在'gb.lists(list_id)'上。如果您在lists方法中使用'.find',並且您傳遞的id不在數據庫中,那麼您將在生產中獲得404。 – jvnill