"No route matches [GET] "/auth/google_oauth2"" error keeps appearing
Error message: "No route matches [GET] "/auth/google_oauth2""
Link in the view page:
<%= link_to "Log In with Google", "/auth/google_oauth2" %>
Relevant gems:
gem 'omniauth'
gem 'dotenv-rails'
gem 'omniauth-google-oauth2'
Initializer file:
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, ENV["GOOGLE_CLIENT_ID"], ENV["GOOGLE_CLIENT_SECRET"], skip_jwt: true
end
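I used this as my guide: Medium guide
I have now gone through the process of setting up the application in the developer tools twice to get the client ID and secret, in case that was the problem, and both times I got the same error. I'm new to coding, so I'm sure this is something very silly and obvious, but I can't seem to find it. Thanks for your help!
Edit: I also have this in my routes file: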
get '/auth/:provider/callback' => 'sessions#omniauth'
rails routes:
Prefix Verb URI Pattern Controller#Action
root GET / sessions#home
GET /auth/:provider/callback(.:format) sessions#omniauth
signup GET /signup(.:format) users#new
POST /signup(.:format) users#create
login GET /login(.:format) sessions#new
POST /login(.:format) sessions#create
logout DELETE /logout(.:format) sessions#destroy
user_groups GET /users/:user_id/groups(.:format) groups#index
POST /users/:user_id/groups(.:format) groups#create
new_user_group GET /users/:user_id/groups/new(.:format) groups#new
users GET /users(.:format) users#index
POST /users(.:format) users#create
new_user GET /users/new(.:format) users#new
edit_user GET /users/:id/edit(.:format) users#edit
user GET /users/:id(.:format) users#show
PATCH /users/:id(.:format) users#update
PUT /users/:id(.:format) users#update
DELETE /users/:id(.:format) users#destroy
GET /users(.:format) users#index
POST /users(.:format) users#create
GET /users/new(.:format) users#new
GET /users/:id(.:format) users#show
edit_group GET /groups/:id/edit(.:format) groups#edit
group GET /groups/:id(.:format) groups#show
DELETE /groups/:id(.:format) groups#destroy
categories GET /categories(.:format) categories#index
category GET /categories/:id(.:format) categories#show
cards GET /cards(.:format) cards#index
POST /cards(.:format) cards#create
new_card GET /cards/new(.:format) cards#new
edit_card GET /cards/:id/edit(.:format) cards#edit
card GET /cards/:id(.:format) cards#show
PATCH /cards/:id(.:format) cards#update
PUT /cards/:id(.:format) cards#update
DELETE /cards/:id(.:format) cards#destroy
rails_postmark_inbound_emails POST /rails/action_mailbox/postmark/inbound_emails(.:format) action_mailbox/ingresses/postmark/inbound_emails#create
rails_relay_inbound_emails POST /rails/action_mailbox/relay/inbound_emails(.:format) action_mailbox/ingresses/relay/inbound_emails#create
rails_sendgrid_inbound_emails POST /rails/action_mailbox/sendgrid/inbound_emails(.:format) action_mailbox/ingresses/sendgrid/inbound_emails#create
rails_mandrill_inbound_health_check GET /rails/action_mailbox/mandrill/inbound_emails(.:format) action_mailbox/ingresses/mandrill/inbound_emails#health_check
rails_mandrill_inbound_emails POST /rails/action_mailbox/mandrill/inbound_emails(.:format) action_mailbox/ingresses/mandrill/inbound_emails#create
rails_mailgun_inbound_emails POST /rails/action_mailbox/mailgun/inbound_emails/mime(.:format) action_mailbox/ingresses/mailgun/inbound_emails#create
rails_conductor_inbound_emails GET /rails/conductor/action_mailbox/inbound_emails(.:format) rails/conductor/action_mailbox/inbound_emails#index
POST /rails/conductor/action_mailbox/inbound_emails(.:format) rails/conductor/action_mailbox/inbound_emails#create
new_rails_conductor_inbound_email GET /rails/conductor/action_mailbox/inbound_emails/new(.:format) rails/conductor/action_mailbox/inbound_emails#new
edit_rails_conductor_inbound_email GET /rails/conductor/action_mailbox/inbound_emails/:id/edit(.:format) rails/conductor/action_mailbox/inbound_emails#edit
rails_conductor_inbound_email GET /rails/conductor/action_mailbox/inbound_emails/:id(.:format) rails/conductor/action_mailbox/inbound_emails#show
PATCH /rails/conductor/action_mailbox/inbound_emails/:id(.:format) rails/conductor/action_mailbox/inbound_emails#update
PUT /rails/conductor/action_mailbox/inbound_emails/:id(.:format) rails/conductor/action_mailbox/inbound_emails#update
DELETE /rails/conductor/action_mailbox/inbound_emails/:id(.:format) rails/conductor/action_mailbox/inbound_emails#destroy
rails_conductor_inbound_email_reroute POST /rails/conductor/action_mailbox/:inbound_email_id/reroute(.:format) rails/conductor/action_mailbox/reroutes#create
rails_service_blob GET /rails/active_storage/blobs/:signed_id/*filename(.:format) active_storage/blobs#show
rails_blob_representation GET /rails/active_storage/representations/:signed_blob_id/:variation_key/*filename(.:format) active_storage/representations#show
rails_disk_service GET /rails/active_storage/disk/:encoded_key/*filename(.:format) active_storage/disk#show
update_rails_disk_service PUT /rails/active_storage/disk/:encoded_token(.:format) active_storage/disk#update
rails_direct_uploads POST /rails/active_storage/direct_uploads(.:format) active_storage/direct_uploads#create
Answer
Depending on the OmniAuth version (2.0.0):
OmniAuth now defaults to only POST as the allowed request_phase method.
Add:
# Gemfile
gem 'omniauth-rails_csrf_protection', '~> 0.1'
Change the link to a POST request:
link_to "Log In with Google", "/auth/google_oauth2", method: :post
# or
button_to "Log In with Google", "/auth/google_oauth2"
If you still need GET requests, add the following, knowing that there is a security concern:
# config/initializers/omniauth.rb or similar
OmniAuth.config.allowed_request_methods = [:post, :get]
For omniauth < 2.0.0
Consider the CVE fix described here.
- Yep, I was able to reproduce the original problem and resolve it by converting to POST. But note that with OmniAuth > 2.0.0 you have to also install the `omniauth-rails_csrf_protection` gem, and the version mentioned in the linked CVE (`~> 0.1`) does not fully work with the latest OmniAuth version. You get an `OmniAuth::AuthenticityError` using that version. Instead, use `'omniauth-rails_csrf_protection', '~> 1.0'`.
- @SarahMarie It seems that according to omniauth docs, even with omniauth >= 2.0, the use of `omniauth-rails_csrf_protection` is still required in order to protect against CSRF. https://github.com/omniauth/omniauth/wiki/Upgrading-to-2.0#rails I think the new omniauth version changes the default configuration so that the GET route isn't created. But the actual handling of CSRF is still done in `omniauth-rails_csrf_protection`.
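Why a disallowed GET surfaces as a routing error, and what allowing GET gives up, shown as an added example that is not part of the original thread and is not OmniAuth's own code. It is a simplified pure-Ruby model of the middleware; `RequestPhaseGate`, the env keys, the session token field and `provider.example` are all hypothetical.

```ruby
# Simplified model (constructed for illustration) of an OmniAuth-style Rack
# middleware. Class name and env keys are hypothetical, not OmniAuth's API.
require "securerandom"

class RequestPhaseGate
  def initialize(app, allowed_methods: [:post], path: "/auth/google_oauth2")
    @app, @allowed, @path = app, allowed_methods, path
  end

  def call(env)
    verb = env["REQUEST_METHOD"].downcase.to_sym
    # Wrong path or disallowed verb: the middleware does nothing and the
    # request falls through to the router, which has no route for it.
    return @app.call(env) unless env["PATH_INFO"] == @path && @allowed.include?(verb)
    # A GET link carries no token, so permitting GET means the login flow
    # starts without proof that the user's own page asked for it.
    return [403, {}, ["authenticity error"]] if verb == :post && !valid_token?(env)
    [302, { "Location" => "https://provider.example/authorize" }, []]
  end

  private

  def valid_token?(env)
    expected = env.dig("session", :csrf).to_s
    given = env.dig("params", "authenticity_token").to_s
    return false if expected.empty? || expected.bytesize != given.bytesize
    # Compare every byte so timing does not depend on the first mismatch.
    expected.bytes.zip(given.bytes).sum { |a, b| a ^ b }.zero?
  end
end

# Stand-in for the Rails router: it knows no /auth/google_oauth2 route.
ROUTER = lambda do |env|
  [404, {}, ["No route matches [#{env['REQUEST_METHOD']}] \"#{env['PATH_INFO']}\""]]
end

# Helper that builds a constructed request to the request-phase path.
def request(gate, verb, session: {}, params: {})
  gate.call({ "REQUEST_METHOD" => verb, "PATH_INFO" => "/auth/google_oauth2",
              "session" => session, "params" => params })
end

TOKEN = SecureRandom.hex(16) # constructed sample token
DEFAULT_GATE = RequestPhaseGate.new(ROUTER)                               # POST only
LEGACY_GATE  = RequestPhaseGate.new(ROUTER, allowed_methods: [:post, :get])
```

With `DEFAULT_GATE`, a GET returns the router's 404 message from the question, a POST without a matching token is rejected, and a POST with the session's token is redirected to the provider; `LEGACY_GATE` redirects a bare GET with no token check at all.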