Nur in der Produktion erhalte ich den Fehler „Completed 401 Unauthorized", wenn ich mich abmelde und wieder anmelde oder wenn ich versuche, das Passwort zurückzusetzen. Es funktioniert gut in meiner Staging-Umgebung. Die Flash-Nachrichten erscheinen nicht, wenn ich diesen Fehler erhalte, und ich kann nicht sehen, was vor sich geht. Ich weiß, dass einige andere Leute ähnliche Fehler haben, aber ihre Lösungen scheinen nicht zu funktionieren. Dies tritt nur bei Chrome für Desktop auf; in Chrome unter iOS, Safari und Firefox funktioniert es. Das Problem ist gelöst, wenn ich meinen Cache lösche.
401-Fehler beim Abmelden und anschließenden erneuten Anmelden bei einer Rails-App in Chrome für Desktop
Ich habe Devise auf 4.1 aktualisiert, Rails ist 4.2.5.1.
Hier sind die Fehlerprotokolle:
2016-05-17T22:10:07.831826+00:00 app[web.1]: (4.8ms) COMMIT
2016-05-17T22:10:07.834098+00:00 app[web.1]: Redirected to https://dashboard.withinhealth.com/
2016-05-17T22:10:07.835722+00:00 app[web.1]: Completed 302 Found in 310ms (ActiveRecord: 114.2ms)
2016-05-17T22:10:07.984101+00:00 app[web.1]: Started GET "/" for 66.30.250.221 at 2016-05-17 22:10:07 +0000
2016-05-17T22:10:07.987887+00:00 app[web.1]: Processing by DashboardController#home as HTML
2016-05-17T22:10:07.988723+00:00 app[web.1]: Completed 401 Unauthorized in 1ms (ActiveRecord: 0.0ms)
Vielleicht verursachen die Unterschiede zwischen der Entwicklungs- und der Produktionsumgebung das Problem. Hier sind die Konfigurationen:
development.rb
# Environment settings as posted under "development.rb".
# NOTE(review): the mailer host below points at a Heroku staging app, so this
# file may actually be what runs in staging -- confirm which environment loads it.
Rails.application.configure do
  # Load dotenv before the ENV lookups that follow.
  Dotenv::Railtie.load

  # TrueVault identifiers are read from the environment; ENV[] yields nil when
  # a variable is unset, so a missing value only surfaces where it is used.
  TV_API_KEY = ENV["TRUEVAULT_API_KEY"]
  TV_A_VAULT_ID = ENV["TRUEVAULT_VAULT_ID"]
  TV_ACCOUNT_ID = ENV["TRUEVAULT_ACCT_ID"]

  # Code loading and caching: reload on change, nothing cached.
  config.cache_classes = false
  config.eager_load = false
  config.consider_all_requests_local = true
  config.action_controller.perform_caching = false

  # Outgoing mail through Gmail SMTP; credentials come from the environment.
  # NOTE(review): enable_starttls_auto upgrades to TLS only when the server
  # offers it -- confirm that is acceptable with "plain" authentication.
  gmail_smtp = {
    address: "smtp.gmail.com",
    port: 587,
    domain: ENV["GMAIL_DOMAIN"],
    authentication: "plain",
    enable_starttls_auto: true,
    user_name: ENV["GMAIL_USERNAME"],
    password: ENV["GMAIL_PASSWORD"]
  }
  config.action_mailer.default_url_options = { host: 'within-staging.herokuapp.com' }
  config.action_mailer.raise_delivery_errors = true
  config.action_mailer.delivery_method = :smtp
  config.action_mailer.smtp_settings = gmail_smtp

  # Diagnostics.
  config.active_support.deprecation = :log
  config.active_record.migration_error = :page_load

  # Asset pipeline.
  config.assets.debug = true
  config.assets.digest = true
  config.assets.raise_runtime_errors = true

  # HTTPS is enforced in this environment as well.
  config.force_ssl = true
end
production.rb
# Production environment settings.
Rails.application.configure do
  # Code loading and caching: load everything up front, cache aggressively.
  config.cache_classes = true
  config.eager_load = true
  config.consider_all_requests_local = false
  config.action_controller.perform_caching = true

  # Static files and assets.
  # NOTE(review): assets.compile = true allows on-demand asset compilation in
  # production -- confirm that precompilation alone is not sufficient.
  config.serve_static_files = ENV['RAILS_SERVE_STATIC_FILES'].present?
  config.assets.js_compressor = :uglifier
  config.assets.compile = true
  config.assets.digest = true

  # HTTPS is enforced for every request.
  config.force_ssl = true

  # Logging.
  # NOTE(review): :debug is the most verbose level and includes ActiveRecord's
  # SQL logging; for an application handling personal data, confirm that the
  # log destination and retention are appropriate, or raise the level once the
  # investigation is over.
  config.log_level = :debug
  config.log_formatter = ::Logger::Formatter.new

  # URL generation for mailers and for route helpers used outside a request.
  config.action_mailer.default_url_options = { host: 'dashboard.withinhealth.com' }
  Rails.application.routes.default_url_options[:host] = 'dashboard.withinhealth.com'

  # Outgoing mail through Gmail SMTP; credentials come from the environment.
  gmail_smtp = {
    address: "smtp.gmail.com",
    port: 587,
    domain: ENV["GMAIL_DOMAIN"],
    authentication: "plain",
    enable_starttls_auto: true,
    user_name: ENV["GMAIL_USERNAME"],
    password: ENV["GMAIL_PASSWORD"]
  }
  config.action_mailer.delivery_method = :smtp
  config.action_mailer.perform_deliveries = true
  config.action_mailer.raise_delivery_errors = true
  config.action_mailer.default charset: "utf-8"
  config.action_mailer.smtp_settings = gmail_smtp

  # Miscellaneous.
  config.i18n.fallbacks = true
  config.active_support.deprecation = :notify
  config.active_record.dump_schema_after_migration = false
end
initializers/devise.rb
# Devise initializer: authentication settings shared by all environments.
Devise.setup do |config|
  # Devise's token secret is taken from the same variable as the Rails secret.
  # NOTE(review): ENV[] returns nil when the variable is unset, and changing the
  # value invalidates outstanding reset/confirmation tokens -- confirm it is set
  # and stable in every environment.
  config.secret_key = ENV["SECRET_KEY_BASE"]

  # Mailer.
  config.mailer_sender = '[email protected]'
  config.mailer = 'Devise::Mailer'

  # ORM adapter.
  require 'devise/orm/active_record'

  # E-mail addresses are matched case-insensitively and with whitespace stripped.
  config.case_insensitive_keys = [:email]
  config.strip_whitespace_keys = [:email]

  # HTTP-auth requests do not store the user in the session.
  config.skip_session_storage = [:http_auth]

  # The CSRF token is discarded whenever a user authenticates.
  config.clean_up_csrf_token_on_authentication = true

  # Password hashing cost: minimal in the test environment, 10 everywhere else.
  config.stretches =
    if Rails.env.test?
      1
    else
      10
    end

  config.reconfirmable = true

  # Signing out invalidates every remember-me token of the user.
  config.expire_all_remember_me_on_sign_out = true

  # Password policy and reset-link lifetime.
  config.password_length = 8..72
  config.reset_password_within = 6.hours

  config.scoped_views = true

  # Sign-out must be a DELETE request.
  config.sign_out_via = :delete
end
session_store.rb
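# Configure the Rails session cookie exactly once.
#
# This file previously called session_store twice. The second call replaced the
# first, so the signed-in session was stored in a cookie named
# 'intercom-session-<app_id>'. Intercom's messenger JavaScript keeps its own
# cookie under that name, so the browser-side script and the Rails session were
# competing for one cookie; a session cookie overwritten or cleared that way no
# longer verifies, and Devise then treats the request as unauthenticated.
# NOTE(review): this looks like the likely source of the reported 401s that
# disappear after clearing browser data -- confirm in the affected browser.
#
# Renaming the cookie signs existing users out once, because their current
# session cookie is no longer read.
Rails.application.config.session_store :cookie_store, key: '_within-rail_session'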
application_controller.rb
# Base controller: cache-control headers on every response, Devise parameter
# whitelisting, and the post sign-in / sign-out redirect targets.
#
# NOTE(review): no protect_from_forgery call appears in this class as shown;
# confirm CSRF protection is enabled, since sign-in, sign-out and password
# reset are all state-changing requests.
class ApplicationController < ActionController::Base
  before_action :set_cache_headers
  before_action :configure_permitted_parameters, if: :devise_controller?

  protected

  # Lets the request through for a signed-in admin or user; otherwise hands
  # over to Devise's authenticate_user!.
  def authenticate_any!
    return true if admin_signed_in? || user_signed_in?

    authenticate_user!
  end

  # Tells browsers and intermediaries not to store or reuse any response, so
  # authenticated pages are not served from cache after sign-out.
  def set_cache_headers
    {
      "Cache-Control" => "no-cache, no-store, max-age=0, must-revalidate",
      "Pragma" => "no-cache",
      "Expires" => "Fri, 01 Jan 1990 00:00:00 GMT"
    }.each do |header_name, header_value|
      response.headers[header_name] = header_value
    end
  end

  # Devise hook: after signing out, always go to the sign-in page.
  def after_sign_out_path_for(resource_or_scope)
    signin_path
  end

  # Devise hook: User records get Devise's default destination, anything else
  # is sent to the users index.
  def after_sign_in_path_for(resource_or_scope)
    return super if resource_or_scope.is_a?(User)

    users_path
  end

  # Permits the extra :name attribute on sign-up and account update.
  # NOTE(review): `for` is the Devise 3 sanitizer API -- confirm it is still
  # available in the Devise version this application runs.
  def configure_permitted_parameters
    %i[sign_up account_update].each do |devise_action|
      devise_parameter_sanitizer.for(devise_action) << [:name]
    end
  end
end
dashboard_controller.rb
# Dashboard pages; every action in this controller requires a signed-in user.
class DashboardController < ApplicationController
# Devise filter, declared without only/except, so it runs before each action.
# When no valid user session is found the request is halted here; presumably
# this is where the logged 401 for DashboardController#home comes from.
before_action :authenticate_user!
# Landing page after sign-in (body elided in the original post).
def home
...
end
end
EDIT: Wenn ich protect_from_forgery with: :null_session
in meinem application_controller habe, dann steht im Fehlerprotokoll: „Can't verify CSRF token authenticity" (die Authentizität des CSRF-Tokens kann nicht überprüft werden).