Logs: ActionController::Redirecting::UnsafeRedirectError

Sou um indivíduo chinês, e meu inglês não é proficiente; portanto, o conteúdo a seguir foi traduzido por máquina. Por favor, perdoe qualquer impropriedade na expressão.

Não realizei nenhuma ação específica ao usar o fórum, mas inadvertidamente descobri o seguinte erro no log:

A imagem mostra um coletor de logs de desenvolvimento web capturando múltiplos erros devido a redirecionamentos inseguros de um aplicativo para um domínio específico. (Título gerado por IA)1860×313 48.8 KB

info:

ActionController::Redirecting::UnsafeRedirectError (Redirecionamento inseguro para "https://bbs.imbhj.com/c/2/综合讨论", passe allow_other_host: true para redirecionar de qualquer maneira.)
app/controllers/categories_controller.rb:37:in `redirect'
app/controllers/application_controller.rb:427:in `block in with_resolved_locale'
app/controllers/application_controller.rb:427:in `with_resolved_locale'
lib/middleware/omniauth_bypass_middleware.rb:35:in `call'
lib/content_security_policy/middleware.rb:12:in `call'
lib/middleware/anonymous_cache.rb:407:in `call'
lib/middleware/csp_script_nonce_injector.rb:12:in `call'
config/initializers/008-rack-cors.rb:14:in `call'
config/initializers/100-quiet_logger.rb:20:in `call'
config/initializers/100-silence_logger.rb:29:in `call'
lib/middleware/enforce_hostname.rb:24:in `call'
lib/middleware/processing_request.rb:12:in `call'
lib/middleware/request_tracker.rb:385:in `call'

backtrace:

actionpack (7.2.2.1) lib/action_controller/metal/redirecting.rb:226:in `_enforce_open_redirect_protection'
actionpack (7.2.2.1) lib/action_controller/metal/redirecting.rb:114:in `redirect_to'
actionpack (7.2.2.1) lib/action_controller/metal/flash.rb:64:in `redirect_to'
actionpack (7.2.2.1) lib/action_controller/metal/instrumentation.rb:52:in `block in redirect_to'
activesupport (7.2.2.1) lib/active_support/notifications.rb:210:in `block in instrument'
activesupport (7.2.2.1) lib/active_support/notifications/instrumenter.rb:58:in `instrument'
activesupport (7.2.2.1) lib/active_support/notifications.rb:210:in `instrument'
actionpack (7.2.2.1) lib/action_controller/metal/instrumentation.rb:51:in `redirect_to'
app/controllers/categories_controller.rb:37:in `redirect'
actionpack (7.2.2.1) lib/action_controller/metal/basic_implicit_render.rb:8:in `send_action'
actionpack (7.2.2.1) lib/abstract_controller/base.rb:226:in `process_action'
actionpack (7.2.2.1) lib/action_controller/metal/rendering.rb:193:in `process_action'
actionpack (7.2.2.1) lib/abstract_controller/callbacks.rb:261:in `block in process_action'
activesupport (7.2.2.1) lib/active_support/callbacks.rb:121:in `block in run_callbacks'
app/controllers/application_controller.rb:427:in `block in with_resolved_locale'
i18n (1.14.7) lib/i18n.rb:353:in `with_locale'
app/controllers/application_controller.rb:427:in `with_resolved_locale'
activesupport (7.2.2.1) lib/active_support/callbacks.rb:130:in `block in run_callbacks'
activesupport (7.2.2.1) lib/active_support/callbacks.rb:141:in `run_callbacks'
actionpack (7.2.2.1) lib/abstract_controller/callbacks.rb:260:in `process_action'
actionpack (7.2.2.1) lib/action_controller/metal/rescue.rb:27:in `process_action'
actionpack (7.2.2.1) lib/action_controller/metal/instrumentation.rb:77:in `block in process_action'
activesupport (7.2.2.1) lib/active_support/notifications.rb:210:in `block in instrument'
activesupport (7.2.2.1) lib/active_support/notifications/instrumenter.rb:58:in `instrument'
activesupport (7.2.2.1) lib/active_support/notifications.rb:210:in `instrument'
actionpack (7.2.2.1) lib/action_controller/metal/instrumentation.rb:76:in `process_action'
actionpack (7.2.2.1) lib/action_controller/metal/params_wrapper.rb:259:in `process_action'
activerecord (7.2.2.1) lib/active_record/railties/controller_runtime.rb:39:in `process_action'
actionpack (7.2.2.1) lib/abstract_controller/base.rb:163:in `process'
actionview (7.2.2.1) lib/action_view/rendering.rb:40:in `process'
rack-mini-profiler (3.3.1) lib/mini_profiler/profiling_methods.rb:89:in `block in profile_method'
actionpack (7.2.2.1) lib/action_controller/metal.rb:252:in `dispatch'
actionpack (7.2.2.1) lib/action_controller/metal.rb:335:in `dispatch'
actionpack (7.2.2.1) lib/action_dispatch/routing/route_set.rb:67:in `dispatch'
actionpack (7.2.2.1) lib/action_dispatch/routing/route_set.rb:50:in `serve'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:53:in `block in serve'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:133:in `block in find_routes'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:126:in `each'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:126:in `find_routes'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:34:in `serve'
actionpack (7.2.2.1) lib/action_dispatch/routing/route_set.rb:896:in `call'
lib/middleware/omniauth_bypass_middleware.rb:35:in `call'
rack (2.2.11) lib/rack/tempfile_reaper.rb:15:in `call'
rack (2.2.11) lib/rack/conditional_get.rb:27:in `call'
rack (2.2.11) lib/rack/head.rb:12:in `call'
actionpack (7.2.2.1) lib/action_dispatch/http/permissions_policy.rb:38:in `call'
lib/content_security_policy/middleware.rb:12:in `call'
lib/middleware/anonymous_cache.rb:407:in `call'
lib/middleware/csp_script_nonce_injector.rb:12:in `call'
config/initializers/008-rack-cors.rb:14:in `call'
rack (2.2.11) lib/rack/session/abstract/id.rb:266:in `context'
rack (2.2.11) lib/rack/session/abstract/id.rb:260:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/cookies.rb:704:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/callbacks.rb:31:in `block in call'
activesupport (7.2.2.1) lib/active_support/callbacks.rb:101:in `run_callbacks'
actionpack (7.2.2.1) lib/action_dispatch/middleware/callbacks.rb:30:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/debug_exceptions.rb:31:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/show_exceptions.rb:32:in `call'
logster (2.20.1) lib/logster/middleware/reporter.rb:40:in `call'
railties (7.2.2.1) lib/rails/rack/logger.rb:41:in `call_app'
railties (7.2.2.1) lib/rails/rack/logger.rb:29:in `call'
config/initializers/100-quiet_logger.rb:20:in `call'
config/initializers/100-silence_logger.rb:29:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/request_id.rb:33:in `call'
lib/middleware/enforce_hostname.rb:24:in `call'
rack (2.2.11) lib/rack/method_override.rb:24:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/executor.rb:16:in `call'
rack (2.2.11) lib/rack/sendfile.rb:110:in `call'
rack-mini-profiler (3.3.1) lib/mini_profiler.rb:191:in `call'
lib/middleware/processing_request.rb:12:in `call'
message_bus (4.3.8) lib/message_bus/rack/middleware.rb:60:in `call'
lib/middleware/request_tracker.rb:385:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/remote_ip.rb:96:in `call'
railties (7.2.2.1) lib/rails/engine.rb:535:in `call'
railties (7.2.2.1) lib/rails/railtie.rb:226:in `public_send'
railties (7.2.2.1) lib/rails/railtie.rb:226:in `method_missing'
rack (2.2.11) lib/rack/urlmap.rb:74:in `block in call'
rack (2.2.11) lib/rack/urlmap.rb:58:in `each'
rack (2.2.11) lib/rack/urlmap.rb:58:in `call'
unicorn (6.1.0) lib/unicorn/http_server.rb:634:in `process_client'
unicorn (6.1.0) lib/unicorn/http_server.rb:739:in `worker_loop'
unicorn (6.1.0) lib/unicorn/http_server.rb:547:in `spawn_missing_workers'
unicorn (6.1.0) lib/unicorn/http_server.rb:143:in `start'
unicorn (6.1.0) bin/unicorn:128:in `<top (required)>'
vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `load'
vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `<main>'

env:

process_id	612
application_version	3f0e84054b5b47d3200b5d91a63f0329fa561f24
HTTP_HOST	bbs.imbhj.com
REQUEST_URI	/category/2/%E7%BB%BC%E5%90%88%E8%AE%A8%E8%AE%BA
REQUEST_METHOD	GET
HTTP_USER_AGENT	Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; https://zhanzhang.toutiao.com/)
HTTP_ACCEPT	text/html,application/xhtml+xml,application/xml;q=0.9,image/heif,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
HTTP_X_FORWARDED_FOR	110.249.202.115, 172.70.214.9, 172.17.0.1
HTTP_X_REAL_IP	172.17.0.1
time	12:42 am

Não tenho certeza se há algum detalhe privado no log; se houver, espero ser lembrado para fazer os ajustes necessários.

A versão do Discourse que estou usando: 3.5.0.beta1-dev

Última hora de compilação: 2025-02-13T11:30:00Z

Ninguém? Por favor, me ajudem!

Não posso ajudar muito, desculpe!
Notei que as URLs de redirecionamento usam o formato incorreto: /c/<id>/<title>.
O título não deveria fazer parte disso, e se foi confundido com o slug, deveria estar antes do id: /c/<slug>/<id>. Como isso acontece?

O ambiente mostra o bot rastreador da ByteDance. Todas as requisições são desse bot também?

Não use chinês em abreviações ou URLs de domínio.

Eu não sei, mas na minha instância do Discourse todos os slugs de categoria estão normais e acessíveis!

Obrigado pela resposta, sim, quase todos os erros são do (Bytespider;
https://zhanzhang.toutiao.com/)

Acredito que um grande número de bots rastreadores tenha correspondido a regras de redirecionamento incorretas. Se eu bloquear esses rastreadores no arquivo robots.txt, teoricamente isso deve aliviar a saída de logs de erro.

Finalmente, estendo minha sincera gratidão pela sua resposta.
Que você tenha um ótimo dia.

Obrigado pelo aviso e pelo conselho!

Eu não usei nomes de categorias em chinês, e todos os identificadores de categorias seguiram estritamente o slug conforme sugerido na documentação do discourse, usando inglês, por exemplo:

Uma captura de tela de uma interface de software onde "化学工程" (Engenharia Química) é digitado no campo "类别名称" (Nome da Categoria) e "huaxue" é digitado no campo "类别缩写名" (Nome da Abreviação da Categoria), com uma seta vermelha apontando para o campo de abreviação. (Título gerado por IA)868×251 12.8 KB