我使用前端和后端API服务器来实现Ruby / Sinatra Web应用程序。表单将发布到前端app.rb中的“ / login”路径:
post '/login' do
uri = URI.join("http://#{settings.api}:#{settings.api_port}",
"/user/", "validate")
response = Net::HTTP.post_form(
uri, 'email' => params[:email],
'password' => params[:password])
h = response.code == "200" || response.code == "401" ?
JSON.parse(response.body) : {}
if h["status"] == "success"
# Save the user id inside the browser cookie.
# This is how we keep the user
# logged in when they navigate around our website.
session[:user_id] = h["user_id"]
puts session[:user_id]
redirect '/home'
else
# If user's login doesn't work, send them back to the login form.
flash[:notice] = "Login failed due to #{h["status"]}"
redirect '/login'
end
end
发布请求及其参数通过HTTP发送到后端服务器。后端API服务器将使用JSON进行响应,该JSON具有一个状态字段,以提示用户是否已成功通过身份验证。
我在浏览器中显示以下消息,提示“连接不安全”。enter image description here。我必须在前端app.rb中添加额外的安全配置吗?
您可以尝试在app.rb文件中添加以下配置:
configure :development, :test do
set :force_ssl, true
end
configure :production do
set :force_ssl, true
end
有关在Sinatra应用程序中强制使用SSL及其对您的情况有帮助的信息,请参阅“ Forcing SSL in a Sinatra App”。