发表新帖
发表新帖

Rails 4 redirects to 'data:,' in Chrome

后端 未结
关注
3 506
予麋鹿
予麋鹿 2020-12-31 04:03

There is a weird behavior in Google Chrome, which is also described in this question: rails redirects to 'data:,'

When a new resource is being created and my

3条回答
  • 不思量自难忘°
    不思量自难忘° (楼主)
    2020-12-31 04:26

    I've been googling it and found that editing posts with an iframe in Rails 4.0 causes a redirect to "data:,"

    Rails 4 now sets the X-XSS-Protection header for all requests, so the iframe trips up the XSS protection in Chrome after a form submit. (https://github.com/elektronaut/sugar/issues/41#issuecomment-25987368)

    Solution, add it to your controller:

    before_filter :disable_xss_protection

protected
def disable_xss_protection
  # Disabling this is probably not a good idea,
  # but the header causes Chrome to choke when being
  # redirected back after a submit and the page contains an iframe.
  response.headers['X-XSS-Protection'] = "0"
end

    0 讨论(0)
 看不清?
提交回复
热议问题