1

使用rails-ckeditor并且每当我尝试使用“浏览服务器”然后“上传”按钮上传图像时,我都会收到 401 异常。我现在正在使用简单的基本身份验证来保护我的网站

class ApplicationController < ActionController::Base
  protect_from_forgery

  before_filter :authenticate

  def logged_in?
    # cookies[:auth].present?
  end

  def authenticate
    # unless logged_in?
      authenticate_or_request_with_http_basic do |login, password|
        if(login == "user1" && password == "password")
          cookies.permanent.signed[:auth] = login
        end
      end
    # end
  end

  def current_church
    @current_church ||= Church.first
  end

end

如果我禁用基本身份验证,一切正常。有没有办法解决这个问题?

谢谢-wg

4

1 回答 1

0

问题在于使用 SWFUpload (flash) 发送 cookie。

这个链接让我找到了正确的方向: http ://ruby-on-rails-development.co.uk/2011/05/23/securing-ckeditor-file-management

解决方案是遵循该文章中的指示并添加以下内容:

  1. 在 flash_session_cookie_middleware.rb 文件中添加

    env['HTTP_COOKIE'] = [ 'auth', params['auth'] ].join('=').freeze

  2. In the base_helper.rb file (under /app/helpers/ckeditor) add the following:

    options['auth'] = Rack::Utils.escape(cookies[:auth])

The latest source for this gem handles session based tokens and the authenticity token already. This simple hack is only needed if your going with a cookie based approach to managing your authentication ticket.

于 2011-06-21T20:11:15.703 回答