Ruby on Rails

Colin Law wrote in post #1088392:
> On 9 December 2012 12:36, comopasta Gr <lists@ruby-forum.com> wrote:
>>> containing the link) or does it just appear in the url bar of your
>>> browser as you are typing something, in which case it is just that at
>>> some point you have tried to visit that page and it is the type-ahead
>>> in the browser entering it.
>>>
>> Added automatically means that I would enter http://mydomain.com and hit
>> enter, then the url becomes http://mydomain.com/#login I have never
>> tried to visit that url, the normal url is http://mydomain.com/login
>
> Do you have logging enabled in your app so that each request is shown?
> If so then what do you see in the log when you hit enter after
> entering mydomain.com? If not then enable it and see what happens.
>
Sure I can follow the logs in real time in Heroku and when visiting the
app you can see the requests hitting the app. I can follow up any
requests. When this "ghost" site has been active the application at
Heroku is not hit, the app does not serve the content, nothing is seen
in the logs.


>>
>> Well maybe not. I had some XSS issues reported as weak by brakeman. But
>> I don't think those had anything to do with the issue. I have solved
>> those weak issues now.
>>
>>> Colin
>>
>> I have not seen the issue in last two days but on Friday (for 15 minutes
>> or so) typing http://mydomain.com/#login would end up not on our app but
>> on that strange page. Then it stopped. Right now (and pretty much
>> always) it goes correctly to our app. This has been seen by and another
>> person in a different country (and machine obviously).
>
> You said earlier that you had never typed mydomain.com/#login, now you
> say you spent 15 mins doing so.
>
Yeah, it was a coincidence that I found it. Another guy found it in
Spain and told me about. At that time I tried visiting the server but
didn't get "redirected" there. Then the next day it also happened to me.
So I took note of the url and I was visiting it for about 15 minutes
with the same result (the bad page), then it kind of died out and the
same url would take to my app as expected.

> Can you let us know your domain name so we can try it?

I still have to push the latests changes I have which include update to
Rails 2.3.8 and other stuff. But one thing that is now different is that
I forces https in all the requests. So I don't know if this will
mitigate the problem. Anyway the app is at sharebi.com

Btw I just found a screenshot of the bad page (attached). You can't see
the #login part but that was consistently taking me here on Friday.
After the loading part the form I mentioned before is displayed.


>
> Colin

Attachments:
http://www.ruby-forum.com/attachment/7946/quiz.jpg


--
Posted via http://www.ruby-forum.com/.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.