机架中间件,是否不要求/ assets上的请求?
[英]Rack Middleware, is it not called for requests on /assets?
问题描述
I'm trying to build a middleware that can restrict access based on conditions. 
我正在尝试构建一个可以根据条件限制访问的中间件。 I noticed that I have no control over request that come in as /assets..... 我注意到我无法控制作为/ assets .....传入的请求
Is there a way to get the middleware called so you can do access control? 有没有一种方法可以调用中间件,以便您可以进行访问控制?
Right now 马上
http://localhost:3000/assets/unauthorized-028be791049e981f9aa0b7da383195e1.js http:// localhost:3000 / assets / unauthorized-028be791049e981f9aa0b7da383195e1.js
Doesn't show up in the logs and somehow bypasses my Rack.middleware. 没有显示在日志中,以某种方式绕过了我的Rack.middleware。
Ideas? 有想法吗? Thanks 谢谢
1 个解决方案
解决方案1
0 已采纳 2011-08-24 07:10:25
Your assets will almost definitely not get solved by your rails app in production, rather, nginx or apache will be serving them, so even if you got your development machine's middleware to intercept asset calls, you couldn't rely on the same happening in production. 您的资产几乎绝对不会在生产中被Rails应用程序解决,相反,nginx或apache将为它们提供服务,因此,即使您拥有开发机器的中间件来拦截资产调用,您也无法依赖生产中发生的相同情况。
You should either serve the assets you need to restrict directly from a controller action (kind of an ugly, but simple, solution), or use something like S3 that will give you fine grained controller over who can access them. 您应该提供您需要直接从控制器操作中限制的资产(一种丑陋但简单的解决方案),也可以使用S3之类的东西来为您提供细粒度的控制器,以决定谁可以访问它们。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.