Geek Answers Handbook

None of the routes match GET / sign_up, but can I visit the page?

I get a strange error registered on my production server for my Rails 4 application:

ActionController::RoutingError: No route matches [GET] "/sign_up"

This is obvious because it means that new users cannot register. But if I find this URL by typing it manually or by clicking a button on our home page, I can see the registration page.

No redirect, the url stays in the url string.

Here's the route in question:

 devise_scope :identity do get 'sign_in', :to => 'devise/sessions#new' get 'sign_up', :to => 'devise/registrations#new' get 'sign_out', :to => 'devise/sessions#destroy' end

Due to the hacking topic, the button on our homepage is a form that is submitted with a GET. I thought this might be a problem, but the log shows that it is correctly accepting a GET request.

What's going on here? Where should I start looking for this?

UPDATE

Due to a hack on our home page, I mean, because bootstrap does not support <a class="btn... in the navigation bar, we use the form with the GET method to use the button that it supports, - therefore, from the server’s point of view, the user still sends a GET / sign_up when this button is pressed, this button is intended to receive them on the page / sign _up (registration_controller # new), it’s not the button they click on to submit a registration form with all their details.

(the registration form itself is normal, i.e. sends a POST)

And to be clear, I went through the process of fully registering manually, and it works. I never get 404. And the log message does not appear when I go through.

Here are the relevant parts of rake routes

  Prefix Verb URI Pattern Controller#Action new_identity_session GET /identities/sign_in(.:format) devise/sessions#new identity_session POST /identities/sign_in(.:format) devise/sessions#create destroy_identity_session DELETE /identities/sign_out(.:format) devise/sessions#destroy cancel_identity_registration GET /identities/cancel(.:format) identities/registrations#cancel identity_registration POST /identities(.:format) identities/registrations#create new_identity_registration GET /identities/sign_up(.:format) identities/registrations#new edit_identity_registration GET /identities/edit(.:format) identities/registrations#edit PATCH /identities(.:format) identities/registrations#update PUT /identities(.:format) identities/registrations#update DELETE /identities(.:format) identities/registrations#destroy sign_in GET /sign_in(.:format) devise/sessions#new sign_up GET /sign_up(.:format) devise/registrations#new sign_out GET /sign_out(.:format) devise/sessions#destroy

UPDATE 2

We are still getting this problem on our production server. The error goes through the roll. Interestingly, this does not happen in our production magazines. Production logs use single line logging . We cannot reproduce it in development, here is the magazine for visiting the page:

 Started GET "/sign_up" for 127.0.0.1 at 2017-01-02 12:25:10 +0800 Processing by Devise::RegistrationsController#new as HTML Rendered identities/shared/_sign_up.html.erb (203.5ms) Rendered identities/registrations/new.html.erb within layouts/focused (277.2ms) Rendered layouts/_social_headers.html.erb (39.1ms) Rendered layouts/_google_analytics.html.erb (6.2ms) Rendered layouts/_scripts.html.erb (3618.9ms) Rendered layouts/_hotjar.html.erb (4.7ms) Rendered layouts/_html_head.html.erb (3708.2ms) Nation Load (4.5ms) SELECT "nations".* FROM "nations" WHERE "nations"."id" IS NULL ORDER BY "nations"."id" ASC LIMIT 1 Rendered layouts/_topnavbar.html.erb (101.0ms) Rendered layouts/_breadcrumb.html.erb (7.4ms) Rendered layouts/_flash.html.erb (31.4ms) Rendered layouts/_footer2.html.erb (8.6ms) Completed 200 OK in 4223ms (Views: 4203.2ms | ActiveRecord: 4.5ms)
+7
ruby-on-rails ruby-on-rails-4 heroku devise rollbar
source share
1 answer

Turns out it's a confusion caused by Rollbar.

Ends roll summary by class, and not by default their error message. Therefore, when sending error reports, the report displays an error message that appears from the first instance of this exception.

So, in our case, our first deployment with Rollbar had an error, due to which / sign _up gave us a 404 error, which was fixed, but after that any 404 generated the same exception class, so when the exploit bot asked, let's say / wp -login.php, we received an email from Rollbar that said:

 ActionController::RoutingError: No route matches [GET] "/sign_up"

Even if the actual path that caused the most recent error was not / sign _up

We fixed this by changing our settings in the Rollbar group under grouping to enable "Include Exclusive Message" - so that the new 404 are not grouped together with / sign _up

I also added this to config/initializers/rollbar.rb to filter out some of the 404 sent to Rollbar.

  # Ignore bots trying to hack non existent end-points config.exception_level_filters.merge!('ActionController::RoutingError' => lambda { |e| e.message =~ %r(No route matches \[[AZ]+\] "/(.+)") case $1.split("/").first.to_s.downcase when *%w(myadmin phpmyadmin w00tw00t pma cgi-bin xmlrpc.php wp wordpress cfide) 'ignore' else 'warning' end })
+5
source share

More articles:


All Articles