Logs: ActionController::Redirecting::UnsafeRedirectError

Soy un individuo chino y mi inglés no es muy bueno; por lo tanto, el siguiente contenido ha sido traducido por máquina. Por favor, disculpe cualquier impropiedad en la expresión.

No realicé ninguna acción en particular mientras usaba el foro, pero descubrí inadvertidamente el siguiente error en el registro:

La imagen muestra un recopilador de registros de desarrollo web que captura múltiples errores debido a redirecciones inseguras de una aplicación a un dominio específico. (Título generado por IA)1860×313 48.8 KB

info:

ActionController::Redirecting::UnsafeRedirectError (Redirección insegura a "https://bbs.imbhj.com/c/2/综合讨论", pasa allow_other_host: true para redirigir de todos modos.)
app/controllers/categories_controller.rb:37:in `redirect'
app/controllers/application_controller.rb:427:in `block in with_resolved_locale'
app/controllers/application_controller.rb:427:in `with_resolved_locale'
lib/middleware/omniauth_bypass_middleware.rb:35:in `call'
lib/content_security_policy/middleware.rb:12:in `call'
lib/middleware/anonymous_cache.rb:407:in `call'
lib/middleware/csp_script_nonce_injector.rb:12:in `call'
config/initializers/008-rack-cors.rb:14:in `call'
config/initializers/100-quiet_logger.rb:20:in `call'
config/initializers/100-silence_logger.rb:29:in `call'
lib/middleware/enforce_hostname.rb:24:in `call'
lib/middleware/processing_request.rb:12:in `call'
lib/middleware/request_tracker.rb:385:in `call'

backtrace:

actionpack (7.2.2.1) lib/action_controller/metal/redirecting.rb:226:in `_enforce_open_redirect_protection'
actionpack (7.2.2.1) lib/action_controller/metal/redirecting.rb:114:in `redirect_to'
actionpack (7.2.2.1) lib/action_controller/metal/flash.rb:64:in `redirect_to'
actionpack (7.2.2.1) lib/action_controller/metal/instrumentation.rb:52:in `block in redirect_to'
activesupport (7.2.2.1) lib/active_support/notifications.rb:210:in `block in instrument'
activesupport (7.2.2.1) lib/active_support/notifications/instrumenter.rb:58:in `instrument'
activesupport (7.2.2.1) lib/active_support/notifications.rb:210:in `instrument'
actionpack (7.2.2.1) lib/action_controller/metal/instrumentation.rb:51:in `redirect_to'
app/controllers/categories_controller.rb:37:in `redirect'
actionpack (7.2.2.1) lib/action_controller/metal/basic_implicit_render.rb:8:in `send_action'
actionpack (7.2.2.1) lib/abstract_controller/base.rb:226:in `process_action'
actionpack (7.2.2.1) lib/action_controller/metal/rendering.rb:193:in `process_action'
actionpack (7.2.2.1) lib/abstract_controller/callbacks.rb:261:in `block in process_action'
activesupport (7.2.2.1) lib/active_support/callbacks.rb:121:in `block in run_callbacks'
app/controllers/application_controller.rb:427:in `block in with_resolved_locale'
i18n (1.14.7) lib/i18n.rb:353:in `with_locale'
app/controllers/application_controller.rb:427:in `with_resolved_locale'
activesupport (7.2.2.1) lib/active_support/callbacks.rb:130:in `block in run_callbacks'
activesupport (7.2.2.1) lib/active_support/callbacks.rb:141:in `run_callbacks'
actionpack (7.2.2.1) lib/abstract_controller/callbacks.rb:260:in `process_action'
actionpack (7.2.2.1) lib/action_controller/metal/rescue.rb:27:in `process_action'
actionpack (7.2.2.1) lib/action_controller/metal/instrumentation.rb:77:in `block in process_action'
activesupport (7.2.2.1) lib/active_support/notifications.rb:210:in `block in instrument'
activesupport (7.2.2.1) lib/active_support/notifications/instrumenter.rb:58:in `instrument'
activesupport (7.2.2.1) lib/active_support/notifications.rb:210:in `instrument'
actionpack (7.2.2.1) lib/action_controller/metal/instrumentation.rb:76:in `process_action'
actionpack (7.2.2.1) lib/action_controller/metal/params_wrapper.rb:259:in `process_action'
activerecord (7.2.2.1) lib/active_record/railties/controller_runtime.rb:39:in `process_action'
actionpack (7.2.2.1) lib/abstract_controller/base.rb:163:in `process'
actionview (7.2.2.1) lib/action_view/rendering.rb:40:in `process'
rack-mini-profiler (3.3.1) lib/mini_profiler/profiling_methods.rb:89:in `block in profile_method'
actionpack (7.2.2.1) lib/action_controller/metal.rb:252:in `dispatch'
actionpack (7.2.2.1) lib/action_controller/metal.rb:335:in `dispatch'
actionpack (7.2.2.1) lib/action_dispatch/routing/route_set.rb:67:in `dispatch'
actionpack (7.2.2.1) lib/action_dispatch/routing/route_set.rb:50:in `serve'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:53:in `block in serve'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:133:in `block in find_routes'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:126:in `each'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:126:in `find_routes'
actionpack (7.2.2.1) lib/action_dispatch/journey/router.rb:34:in `serve'
actionpack (7.2.2.1) lib/action_dispatch/routing/route_set.rb:896:in `call'
lib/middleware/omniauth_bypass_middleware.rb:35:in `call'
rack (2.2.11) lib/rack/tempfile_reaper.rb:15:in `call'
rack (2.2.11) lib/rack/conditional_get.rb:27:in `call'
rack (2.2.11) lib/rack/head.rb:12:in `call'
actionpack (7.2.2.1) lib/action_dispatch/http/permissions_policy.rb:38:in `call'
lib/content_security_policy/middleware.rb:12:in `call'
lib/middleware/anonymous_cache.rb:407:in `call'
lib/middleware/csp_script_nonce_injector.rb:12:in `call'
config/initializers/008-rack-cors.rb:14:in `call'
rack (2.2.11) lib/rack/session/abstract/id.rb:266:in `context'
rack (2.2.11) lib/rack/session/abstract/id.rb:260:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/cookies.rb:704:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/callbacks.rb:31:in `block in call'
activesupport (7.2.2.1) lib/active_support/callbacks.rb:101:in `run_callbacks'
actionpack (7.2.2.1) lib/action_dispatch/middleware/callbacks.rb:30:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/debug_exceptions.rb:31:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/show_exceptions.rb:32:in `call'
logster (2.20.1) lib/logster/middleware/reporter.rb:40:in `call'
railties (7.2.2.1) lib/rails/rack/logger.rb:41:in `call_app'
railties (7.2.2.1) lib/rails/rack/logger.rb:29:in `call'
config/initializers/100-quiet_logger.rb:20:in `call'
config/initializers/100-silence_logger.rb:29:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/request_id.rb:33:in `call'
lib/middleware/enforce_hostname.rb:24:in `call'
rack (2.2.11) lib/rack/method_override.rb:24:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/executor.rb:16:in `call'
rack (2.2.11) lib/rack/sendfile.rb:110:in `call'
rack-mini-profiler (3.3.1) lib/mini_profiler.rb:191:in `call'
lib/middleware/processing_request.rb:12:in `call'
message_bus (4.3.8) lib/message_bus/rack/middleware.rb:60:in `call'
lib/middleware/request_tracker.rb:385:in `call'
actionpack (7.2.2.1) lib/action_dispatch/middleware/remote_ip.rb:96:in `call'
railties (7.2.2.1) lib/rails/engine.rb:535:in `call'
railties (7.2.2.1) lib/rails/railtie.rb:226:in `public_send'
railties (7.2.2.1) lib/rails/railtie.rb:226:in `method_missing'
rack (2.2.11) lib/rack/urlmap.rb:74:in `block in call'
rack (2.2.11) lib/rack/urlmap.rb:58:in `each'
rack (2.2.11) lib/rack/urlmap.rb:58:in `call'
unicorn (6.1.0) lib/unicorn/http_server.rb:634:in `process_client'
unicorn (6.1.0) lib/unicorn/http_server.rb:739:in `worker_loop'
unicorn (6.1.0) lib/unicorn/http_server.rb:547:in `spawn_missing_workers'
unicorn (6.1.0) lib/unicorn/http_server.rb:143:in `start'
unicorn (6.1.0) bin/unicorn:128:in `<top (required)>'
vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `load'
vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `<main>'

env:

process_id	612
application_version	3f0e84054b5b47d3200b5d91a63f0329fa561f24
HTTP_HOST	bbs.imbhj.com
REQUEST_URI	/category/2/%E7%BB%BC%E5%90%88%E8%AE%A8%E8%AE%BA
REQUEST_METHOD	GET
HTTP_USER_AGENT	Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; https://zhanzhang.toutiao.com/)
HTTP_ACCEPT	text/html,application/xhtml+xml,application/xml;q=0.9,image/heif,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
HTTP_X_FORWARDED_FOR	110.249.202.115, 172.70.214.9, 172.17.0.1
HTTP_X_REAL_IP	172.17.0.1
time	12:42 am

No estoy seguro de si hay algún detalle privado dentro del registro; si existen, espero que se me recuerde hacer los ajustes necesarios.

La versión de Discourse que estoy usando: 3.5.0.beta1-dev

Última hora de compilación: 2025-02-13T11:30:00Z

¿Nadie? ¡Por favor, ayúdenme!

¡No puedo ayudar mucho, lo siento!
Noté que las URL de redirección usan el formato incorrecto: /c/<id>/<title>.
El título no debería ser parte de él, y si se confundió con el slug, debería colocarse antes del id: /c/<slug>/<id>. ¿Cómo sucede?

El entorno muestra el bot rastreador de ByteDance. ¿Son todas las solicitudes de este bot también?

No utilice chino en abreviaturas ni en URL de dominios.

No lo sé, ¡pero en mi instancia de Discourse todas las slugs de categoría son normales y accesibles!

Gracias por la respuesta, sí, casi todos los errores provienen de (Bytespider;
https://zhanzhang.toutiao.com/)

Creo que una gran cantidad de bots rastreadores han coincidido con reglas de redirección incorrectas. Si bloqueo estos rastreadores en el archivo robots.txt, teóricamente debería aliviar la salida de los registros de errores.

Finalmente, extiendo mi más sincero agradecimiento por tu respuesta.
Que tengas un día maravilloso.

¡Gracias por el aviso y el consejo!

No utilicé nombres de categorías en chino, y todos los identificadores de categorías se adhirieron estrictamente al slug como se sugiere en la documentación de Discourse, utilizando inglés, por ejemplo:

Una captura de pantalla de una interfaz de software donde "化学工程" (Ingeniería Química) está escrito en el campo "类别名称" (Nombre de la Categoría) y "huaxue" está escrito en el campo "类别缩写名" (Nombre de la Abreviatura de la Categoría), con una flecha roja apuntando al campo de la abreviatura. (Título generado por IA)868×251 12.8 KB