ActionController::RoutingError: No route matches [GET] "/sign_up"
这显然令人担忧,因为这意味着新用户无法注册.
但是,如果我访问该URL,无论是通过手动输入,还是通过单击主页上的按钮,我都可以看到注册页面.
没有重定向,URL栏中的URL保持不变.
这是有问题的路线:
devise_scope :identity do get 'sign_in',:to => 'devise/sessions#new' get 'sign_up',:to => 'devise/registrations#new' get 'sign_out',:to => 'devise/sessions#destroy' end
由于主题黑客攻击,我们主页上的按钮是一个用GET提交的表单.我认为这可能是一个问题,但日志显示它正确接收GET请求.
这里发生了什么?我应该从哪里开始寻找诊断?
UPDATE
通过我们主页上的黑客,我的意思是,由于bootstrap不支持< a class =“btn ...在导航栏中,我们正在使用方法GET的表单来使用它支持的那种按钮 - 所以从服务器的角度来看,用户在点击该按钮时仍然发送GET / sign_up.这个按钮只是为了让他们到/ sign_up页面(registration_controller #new),这不是他们按下提交注册表单的按钮他们所有的细节. (注册表单本身正常,即发送POST) 为了清楚起见,我已经手动完成了整个注册过程,并且它有效.我从来没有得到404.当我进行漫步时,日志消息不会出现. 这是耙路线的相关部分
Prefix Verb URI Pattern Controller#Action
new_identity_session GET /identities/sign_in(.:format) devise/sessions#new
identity_session POST /identities/sign_in(.:format) devise/sessions#create
destroy_identity_session DELETE /identities/sign_out(.:format) devise/sessions#destroy
cancel_identity_registration GET /identities/cancel(.:format) identities/registrations#cancel
identity_registration POST /identities(.:format) identities/registrations#create
new_identity_registration GET /identities/sign_up(.:format) identities/registrations#new
edit_identity_registration GET /identities/edit(.:format) identities/registrations#edit
PATCH /identities(.:format) identities/registrations#update
PUT /identities(.:format) identities/registrations#update
DELETE /identities(.:format) identities/registrations#destroy
sign_in GET /sign_in(.:format) devise/sessions#new
sign_up GET /sign_up(.:format) devise/registrations#new
sign_out GET /sign_out(.:format) devise/sessions#destroy
更新2
我们仍然在生产服务器上记录此问题.
错误来自滚动条.
有趣的是,它没有出现在我们的生产日志中.
生产日志使用one line logging.
我们无法在开发中重现它,这是访问页面的日志:
Started GET "/sign_up" for 127.0.0.1 at 2017-01-02 12:25:10 +0800 Processing by Devise::RegistrationsController#new as HTML Rendered identities/shared/_sign_up.html.erb (203.5ms) Rendered identities/registrations/new.html.erb within layouts/focused (277.2ms) Rendered layouts/_social_headers.html.erb (39.1ms) Rendered layouts/_google_analytics.html.erb (6.2ms) Rendered layouts/_scripts.html.erb (3618.9ms) Rendered layouts/_hotjar.html.erb (4.7ms) Rendered layouts/_html_head.html.erb (3708.2ms) Nation Load (4.5ms) SELECT "nations".* FROM "nations" WHERE "nations"."id" IS NULL ORDER BY "nations"."id" ASC LIMIT 1 Rendered layouts/_topnavbar.html.erb (101.0ms) Rendered layouts/_breadcrumb.html.erb (7.4ms) Rendered layouts/_flash.html.erb (31.4ms) Rendered layouts/_footer2.html.erb (8.6ms) Completed 200 OK in 4223ms (Views: 4203.2ms | ActiveRecord: 4.5ms)
解决方法
Rollbar按类别聚合异常,而不是默认情况下的错误消息.因此,在发送错误报告时,报告会显示来自该例外的第一个实例的错误消息.
所以在我们的例子中,我们第一次使用Rollbar部署了一个错误,导致/ sign_up给我们一个404错误,这是修复的,但之后,任何404生成了相同的异常类,所以当一个漏洞机器人请求时,说,/ wp-login.PHP我们会从Rollbar收到一封电子邮件说:
ActionController::RoutingError: No route matches [GET] "/sign_up"
即使导致最新错误的实际路径不是/ sign_up
我们通过在分组下更改Rollbar上的设置来修复此问题,以打开“包含异常消息” – 这样新的404就不会与/ sign_up组合在一起
我还将它添加到config / initializers / rollbar.rb中,以过滤掉其中一些404发送到Rollbar.
# Ignore bots trying to hack non existent end-points
config.exception_level_filters.merge!('ActionController::RoutingError' => lambda { |e|
e.message =~ %r(No route matches \[[A-Z]+\] "/(.+)")
case $1.split("/").first.to_s.downcase
when *%w(myadmin PHPmyadmin w00tw00t pma cgi-bin xmlrpc.PHP wp wordpress cfide)
'ignore'
else
'warning'
end
})