Rails not redirecting to an external URL - ruby-on-rails

I want a simple functionality of redirecting to an external site from controller. I am using this code.
redirect_to "https://www.google.com", allow_other_host: true
And from the logs I get
Redirected to https://www.google.com
Completed 302 Found in 2927ms (Allocations: 15729)
But I am actually not redirected and browser shows CORS error. Any help will be highly appreciated.

Related

How to handle unauthorized accesses gracefully in backend?

I have a Ruby on Rails application which redirects users to the start or login page if they end up at a resource they are not authorized for.
For that, it redirects through a 302 Found.
This does not feel right to me, as for example a successful creation of a resource via POST also returns a 302, with the only difference being that it redirects to the created resource.
On the other hand, it does not seem possible to redirect a user without returning a 30X status code (401/403 in this case).
Am I missing something here, or am I already doing it correctly and this is just the way to go?
Well, I'd say that it depends on the context. For an API I'd go your way: if the user is trying to reach an endpoint without authentication or without enough permissions, I'd return a 401 or 403 respectively.
But for a web application without a separate frontend app, you've no choice but to tell the browser where it has to go next, and the only way of doing this is to use redirections (which are only 3xx HTTP codes: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status#redirection_messages).
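
The split described in the answer above, as an added example that is not part of the original posts: a plain-Ruby, Rack-style wrapper that answers API clients with 401/403 and browsers with a 302. The class name Guard, the paths, the "app.user" env key and the role symbols are all assumptions made for illustration.

```ruby
require "json"

# Rack-style wrapper: call(env) returns [status, headers, body].
class Guard
  LOGIN_PATH = "/login" # assumed login route
  START_PATH = "/"      # assumed start page

  def initialize(app, required_role:)
    @app = app
    @required_role = required_role
  end

  # "app.user" is a hypothetical env key set by an earlier authentication step.
  def call(env)
    user = env["app.user"] # nil when no valid credentials were sent
    return deny(env, :unauthenticated) if user.nil?
    return deny(env, :forbidden) unless user[:roles].include?(@required_role)
    @app.call(env)
  end

  private

  # API clients are recognised here by the Accept header they send.
  def api_request?(env)
    env.fetch("HTTP_ACCEPT", "").include?("application/json")
  end

  def deny(env, reason)
    if api_request?(env)
      status = reason == :unauthenticated ? 401 : 403
      headers = { "content-type" => "application/json" }
      # A 401 response names the scheme the client should authenticate with.
      headers["www-authenticate"] = 'Bearer realm="api"' if status == 401
      [status, headers, [JSON.generate({ error: reason.to_s })]]
    else
      # A browser can only be sent elsewhere with a 3xx and a Location header.
      target = reason == :unauthenticated ? LOGIN_PATH : START_PATH
      [302, { "location" => target }, []]
    end
  end
end

# Constructed sample requests (Rack-style env hashes).
BOARDS      = Guard.new(->(_env) { [200, {}, ["boards"]] }, required_role: :member)
API_ANON    = { "HTTP_ACCEPT" => "application/json" }
API_GUEST   = API_ANON.merge("app.user" => { roles: [:guest] })
HTML_ANON   = { "HTTP_ACCEPT" => "text/html" }
HTML_MEMBER = HTML_ANON.merge("app.user" => { roles: [:member] })
```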

Failed Authorization in Postman using Ruby on Rails

I created a Ruby on Rails API with a group of people via Github. For some reason, my authorization fails repeatedly and says the following in my server.
Started GET "/boards" for ::1 at 2020-08-24 21:38:38 -0400
Processing by BoardsController#index as */*
Filter chain halted as :authorized rendered or redirected
Completed 401 Unauthorized in 1ms (Views: 0.2ms | ActiveRecord: 0.0ms | Allocations: 150)
Any ideas on what may be happening here? Boards is a controller I created and I am trying to index it. It additionally doesn't work with a post method either.
You're almost certainly either not sending any credentials in your requests from Postman, or the credentials you are sending are incorrect.
You can see information about making Postman send credentials as part of your request in the Postman docs at https://learning.postman.com/docs/sending-requests/authorization/
In order to know what you need to send, you would need to know what authentication mechanism you're using. With an API, this is most likely a JWT and you are most likely using the Devise gem, but something else may have been configured in your app.
In the case of it being JWT, you would need to generate a valid JWT in your application, then configure Postman's authorization to use "Bearer Token", providing the token you generated as the value there.

Convert 404/500 or any other error code to 301

I have a site in MVC and I want any URL with error code 404 to redirect to 301.
Where can I do this permanently (Web.Config/IIS), and how?
Please suggest an option, keeping in mind the SEO part of the site.
I have hundreds of URLs generating 404 and 500 errors; I want to redirect them to the site base URL "www.site.com".
I have error links like this:
www.site.com/index.php?page=item&id=39
www.site.com/Ad/Detail/b7bd026f-3ba2-444f-8786-6e551d6e1668

Mvc HttpGetAttribute is accepting Http POST requests

Does anyone know if there are any particular circumstances when the [HttpGet] attribute gets ignored?
I have a controller that has an action with the [HttpGet] attribute defined on it, which should mean that only GET requests are allowed and POST requests are rejected, usually with a 404. Running locally under IIS, this action seems to be able to accept HTTP POST requests; however, on the Test server this is not the case, which is how it should be. It looks like we do need to be able to support POST requests on the controller actions and we will be adding the support for this.
However, this does raise the question as to why my local copy of the site running under IIS seems to accept the requests. I would expect the request to be rejected with a 404 HTTP status. Also, we have other sites running on the Test server that are behaving the same as my local server.
I am not sure if it has something to do with the fact that the requests are actually redirect requests. The 'main site / portal' is an old ASP.NET Web Forms application that then redirects to another 'routing' ASP.NET MVC 3 web application that will re-route the request depending on business logic to 1 of 3 other 'channel' ASP.NET MVC 3 web applications. All the channels essentially provide the same function but have slightly different business logic within them. Each channel has a landing controller that will redirect the user to the page where they should be going to. And it is the actions on these landing controllers that have the [HttpGet] attribute on them.
The following is what occurs on 1 of the 3 channels on the test server:
User clicks a button
POST request to the 'Portal' site results in 302 to the 'Routing' site
POST request to the 'Routing' site results in 302 to the 'Channel' site
POST request to the 'Channel' site results in 404.
The following is what occurs on the other 2 channels on the test server and on all 3 channels on my local server:
User clicks a button
POST request to the 'Portal' site results in 302 to the 'Routing' site
POST request to the 'Routing' site results in 302 to the 'Channel' site
POST request to the 'Channel' site results in 302 to the destination page within the 'Channel' site.
POST request to the 'Channel' for destination page results in 200 and the page being served.
UPDATE:
It turns out that I've been well and truly led up the garden path. The redirected requests are all being done via HTTP GET and not HTTP POST, as is the correct behaviour for a 302 redirect. However, IE developer tools incorrectly displays these as POST requests instead of GET requests. It turns out that the channel server had not been deployed to Test.
An HTTP response with a 302 status for an HTTP request with a POST method / verb will result in a new HTTP request with a GET method / verb. This means that a redirect to an action on a controller with the [HttpGet] attribute will be successful.

Redirect on record not found?

In the book Agile Web Development with Rails, it is proposed that when someone tries to access some data in your web site and the record doesn't exist anymore, the user should be redirected to a working page and shown a message.
A user would go to /book/1, but a book with id 1 doesn't exist anymore, so it is redirected to /books and shown a message "That book doesn't exist". It seems to be a good user experience but to break the HTTP protocol. Should it be a temporary redirect? If so, a web crawler will keep hitting that page. Should it be a permanent redirection? If so, the previous content should be available there, and it isn't.
I think that a record-not-found page should issue a 404. Am I wrong? Hitting /book/1 where 1 doesn't exist anymore would return a 404 with the HTML showing exactly the same thing as /books, and maybe an error message.
Agile Web Development with Rails is against that option because the user might keep hitting /book/1, generating 404s only to see what can be seen in /books.
What do you think?
If the resource does not exist, send the 404 status code. It’s really that simple. Redirecting means that only the URL is (temporarily) not valid but the resource does exist.
If there's no 404, search engines have no way to discover that the object has been deleted. So I suppose it's a must.
I think there's a good compromise where you render a 404 template (complete with 404 status code) that prompts the user to continue to /books or /whatever.
If the record doesn't exist anymore, then you should probably use a 301 status code, "permanent redirect".
The difference between 301 and 404 is that a 404 error code should be used in cases when the resource never existed and 301 when the resource existed, but moved.
