问题
So when I save a record in my Rails 4 app this happens. Here's some details:
- I'm using the Ace editor.
- The
dataattribute is no where in my model or app. - The form is a standard
form_for(not remote). - The record does save successfully but then it redirects to this weird ass URL.
The code for the update is standard scaffold boilerplate.
# PATCH/PUT /pages/1
# PATCH/PUT /pages/1.json
def update
respond_to do |format|
if @page.update(page_params)
format.html { redirect_to @page, notice: 'Page was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: 'edit' }
format.json { render json: @page.errors, status: :unprocessable_entity }
end
end
end
Anyone have any ideas? Probably something simple but I can't for the life of me figure this one out. Let me know if there's any other pertinent information I can share.
回答1:
In your specific case (the one shown in your quickcast), Chrome is considering this a security risk because you're submitting a <script> element containing javascript that's being inserted into the renderable contents of the page using [Rails' built-in] asynchronous javascript.
To avoid this, you could:
- Strip out the wrapping
<script>tags using client-side logic before submitting the form, and then add them back in on the server before saving the record. - Disable Rails' built-in ajaxification of the update action in this controller, so that it submits through plain old HTML
- Add an intermediary redirect page between form submittal and viewing the show action
回答2:
I believe it is because your @page show view is rendering escaped HTML and Javascript. Chrome probably has heuristics to analyze the page and determine what type of document it is. Since it likely doesn't start with <html>, then Chrome assumes it is a data file with the data: protocol. Try rendering to a string and printing the results on the console:
http://guides.rubyonrails.org/layouts_and_rendering.html#using-render
puts render_to_string @page
See section 4.1.1 http://guides.rubyonrails.org/security.html#redirection
data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K
Please update your answer with the show view template, the show action, and the log from render_to_string.
来源:https://stackoverflow.com/questions/20530292/why-is-my-rails-app-redirecting-to-data