如何在Rails中禁用Cookie的URL编码
我有一个Rails应用程序,它必须与一个非常老的旧版应用程序共存.旧版应用程序将查找一个cookie,该cookie的值包含特定的字符串.不幸的是,旧版Cookie中的字符通常包含斜杠.我遇到的问题是,当Rails应用程序编写cookie时,它首先会进行URL编码,这会导致传统应用程序中断,因为cookie值不正确.
I have a Rails application that has to co-exist with a very old legacy application. The legacy application looks for a cookie that has a value containing a specific string of characters. Unfortunately, the characters in the legacy cookie often contain slashes. The problem I have is that when the Rails application writes the cookie it first does URL-encoding which causes the legacy app to break because the cookie values is incorrect.
我通过编辑文件cookie_performance_fix.rb(路径:./actionpack-1.13.5/lib/action_controller/cgi_ext/cookie_performance_fix.rb)在
中使用了Rails 1.13.5.
为了使它起作用,我更改了代码,如下所示:
I had this working in Rails 1.13.5 by editing the file cookie_performance_fix.rb (Path: ./actionpack-1.13.5/lib/action_controller/cgi_ext/cookie_performance_fix.rb)
In order to get this to work I changed the code as shown:
def to_s
buf = ""
buf << @name << '='
if @value.kind_of?(String)
rails code.
#buf << CGI::escape(@value)
buf << @value
else
#buf << @value.collect{|v| CGI::escape(v) }.join("&")
buf << @value.collect{|v| (v) }.join("&")
end
在我决定将Rails升级到版本2.3.2之前,这实际上工作正常.
在Rails 2.3.2中,cookie_performance_fix.rb文件不再存在.我在同一目录中查找了一个名为cookie.rb的文件,尝试以类似的方式对其进行修改.
This actually worked fine until I decided to upgrade Rails to version 2.3.2
In Rails 2.3.2 the cookie_performance_fix.rb file no longer exists. I looked in the same directory and found a file called cookie.rb which I tried modifying in a similar fashion.
def to_s
buf = ''
buf << @name << '='
#buf << (@value.kind_of?(String) ? CGI::escape(@value) : @value.collect{|v| CGI::escape(v) }.join("&"))
buf << (@value.kind_of?(String) ? @value : @value.collect{|v| (v) }.join("&"))
buf << '; domain=' << @domain if @domain
buf << '; path=' << @path if @path
buf << '; expires=' << CGI::rfc1123_date(@expires) if @expires
buf << '; secure' if @secure
buf << '; HttpOnly' if @http_only
buf
end
不幸的是,这似乎不起作用. cookie不断在新的Rails 2.3.2中获得URL编码.我知道关闭URL编码不是最好的主意,但是在淘汰旧版应用程序之前,我没有太多选择.不幸的是,我无法访问旧版代码以添加对URL的非编码cookie支持,因此我必须确保以正确的顺序(包括斜杠)写入旧版cookie.如果有人可以告诉我如何在Rails 2.3.2中关闭URL编码,将不胜感激.
谢谢.
This unfortunately does not seem to work. The cookie keeps getting URL-encoded in the new Rails 2.3.2. I know that turning off URL-encoding is not the best idea, but I don't have much choice until the legacy application is retired. I unfortunately do not have access to the legacy code to add support for URL-unencoding the cookie so I have to make sure the legacy cookie is written with the correct sequence including the slashes. If anyone can tell me how to turn off URL-encoding in Rails 2.3.2 it would be greatly appreciated.
Thanks.
进行了一些挖掘之后,我找到了问题的答案,并在此处进行记录,以防其他人使用.
After doing some digging I have found the answer to my question and I am documenting it here in case it is of use to anyone else.
要在Rails 2.3.2中关闭URL编码,必须编辑以下文件: actionpack-2.3.2/lib/action_controller/vendor/rack-1.0/rack/response.rb
In order to turn off URL-encoding in Rails 2.3.2 it is necessary to edit the following file: actionpack-2.3.2/lib/action_controller/vendor/rack-1.0/rack/response.rb
围绕第70行,设置cookie的ID和值.我对URL编码进行了以下更改:
Around line 70 the ID and value of the cookie is set. I made the following change to turn of URL-encoding:
cookie = Utils.escape(key) + "=" +
#value.map { |v| Utils.escape v }.join("&") +
value.map { |v| v }.join("&") +
"#{domain}#{path}#{expires}#{secure}#{httponly}"
注意::此修改仅影响标准cookie,而不影响版本2.3.2中Rails用作会话数据的cookie.
NOTE: This modification only affects standard cookies - not the cookies used as session data by Rails in version 2.3.2.
免责声明:我绝不建议将此修改作为最佳做法.仅出于处理遗留代码要求的特定原因才进行了此修改,而遗留代码要求要求cookie处于特定格式.更好的选择甚至是修改旧版代码以处理URL编码.不幸的是,这个选项对我来说是封闭的,所以我被迫在底层的Rails代码上乱搞-我通常不建议这样做.当然,不言而喻,进行这种类型的修改会带来风险,即每次升级Rails安装时都必须重新解决该问题,因为底层代码可能会更改.实际上这就是我的情况.当然,如果可能的话,保持URL编码也可能有很好的理由(安全性,标准合规性等).
DISCLAIMER: I am in no way recommending this modification as a best practice. This modification was only done for the specific reason of handling legacy code requirement that required a cookie to be in a particular format. A better option would even be to modify the legacy code to handle URL-encoding. Unfortunately, that option was closed to me so I was forced to hack around on the underlying Rails code - which is not something I would generally recommend. Of course it should go without saying that making this type of modification runs the risk that the problem will have to be re-addressed every time you upgrade your Rails installation as the underlying code may change. That is actually what happened in my case. And of course there are also probably good reasons (security, standards compliance, etc.) for keeping the URL-encoding if at all possible.