diff options
| author | Daniel Colson <danieljamescolson@gmail.com> | 2018-01-28 12:53:11 -0500 |
|---|---|---|
| committer | Daniel Colson <danieljamescolson@gmail.com> | 2018-01-29 19:35:39 -0500 |
| commit | eea28f4103f0a55e50ce750582317110c988afcd (patch) | |
| tree | 02287f553328e14f2529e70ef434d7c6a5cf9219 /actionpack | |
| parent | 2f9549d4f46ca1f9cc437d4f89bd8df405e28dbd (diff) | |
| download | rails-eea28f4103f0a55e50ce750582317110c988afcd.tar.gz rails-eea28f4103f0a55e50ce750582317110c988afcd.tar.bz2 rails-eea28f4103f0a55e50ce750582317110c988afcd.zip | |
Allow @ in X-Request-Id header
It makes sense to be as strict as possible
with headers from the outside world,
but allowing @ to support Apache's mod_unique_id
(see #31644) seems OK to me
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/lib/action_dispatch/middleware/request_id.rb | 2 | ||||
| -rw-r--r-- | actionpack/test/dispatch/request_id_test.rb | 5 |
2 files changed, 6 insertions, 1 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/request_id.rb b/actionpack/lib/action_dispatch/middleware/request_id.rb index 805d3f2148..da2871b551 100644 --- a/actionpack/lib/action_dispatch/middleware/request_id.rb +++ b/actionpack/lib/action_dispatch/middleware/request_id.rb @@ -30,7 +30,7 @@ module ActionDispatch private def make_request_id(request_id) if request_id.presence - request_id.gsub(/[^\w\-]/, "".freeze).first(255) + request_id.gsub(/[^\w\-@]/, "".freeze).first(255) else internal_request_id end diff --git a/actionpack/test/dispatch/request_id_test.rb b/actionpack/test/dispatch/request_id_test.rb index aa3175c986..9df4712dab 100644 --- a/actionpack/test/dispatch/request_id_test.rb +++ b/actionpack/test/dispatch/request_id_test.rb @@ -11,6 +11,11 @@ class RequestIdTest < ActiveSupport::TestCase assert_equal "X-Hacked-HeaderStuff", stub_request("HTTP_X_REQUEST_ID" => "; X-Hacked-Header: Stuff").request_id end + test "accept Apache mod_unique_id format" do + mod_unique_id = "abcxyz@ABCXYZ-0123456789" + assert_equal mod_unique_id, stub_request("HTTP_X_REQUEST_ID" => mod_unique_id).request_id + end + test "ensure that 255 char limit on the request id is being enforced" do assert_equal "X" * 255, stub_request("HTTP_X_REQUEST_ID" => "X" * 500).request_id end |