aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch/middleware
diff options
context:
space:
mode:
Diffstat (limited to 'actionpack/lib/action_dispatch/middleware')
-rw-r--r--actionpack/lib/action_dispatch/middleware/cookies.rb5
-rw-r--r--actionpack/lib/action_dispatch/middleware/params_parser.rb13
-rw-r--r--actionpack/lib/action_dispatch/middleware/remote_ip.rb37
-rw-r--r--actionpack/lib/action_dispatch/middleware/show_exceptions.rb34
-rw-r--r--actionpack/lib/action_dispatch/middleware/templates/rescues/layout.erb1
5 files changed, 52 insertions, 38 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index a4ffd40a66..51cec41a34 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -243,10 +243,13 @@ module ActionDispatch
@delete_cookies.clear
end
+ mattr_accessor :always_write_cookie
+ self.always_write_cookie = false
+
private
def write_cookie?(cookie)
- @secure || !cookie[:secure] || defined?(Rails.env) && Rails.env.development?
+ @secure || !cookie[:secure] || always_write_cookie
end
end
diff --git a/actionpack/lib/action_dispatch/middleware/params_parser.rb b/actionpack/lib/action_dispatch/middleware/params_parser.rb
index d4208ca96e..6ded9dbfed 100644
--- a/actionpack/lib/action_dispatch/middleware/params_parser.rb
+++ b/actionpack/lib/action_dispatch/middleware/params_parser.rb
@@ -52,14 +52,9 @@ module ActionDispatch
false
end
rescue Exception => e # YAML, XML or Ruby code block errors
- logger.debug "Error occurred while parsing request parameters.\nContents:\n\n#{request.raw_post}"
+ logger(env).debug "Error occurred while parsing request parameters.\nContents:\n\n#{request.raw_post}"
- raise
- { "body" => request.raw_post,
- "content_type" => request.content_mime_type,
- "content_length" => request.content_length,
- "exception" => "#{e.message} (#{e.class})",
- "backtrace" => e.backtrace }
+ raise e
end
def content_type_from_legacy_post_data_format_header(env)
@@ -73,8 +68,8 @@ module ActionDispatch
nil
end
- def logger
- defined?(Rails.logger) ? Rails.logger : Logger.new($stderr)
+ def logger(env)
+ env['action_dispatch.logger'] || Logger.new($stderr)
end
end
end
diff --git a/actionpack/lib/action_dispatch/middleware/remote_ip.rb b/actionpack/lib/action_dispatch/middleware/remote_ip.rb
index 3b813b03bb..66ece60860 100644
--- a/actionpack/lib/action_dispatch/middleware/remote_ip.rb
+++ b/actionpack/lib/action_dispatch/middleware/remote_ip.rb
@@ -13,16 +13,16 @@ module ActionDispatch
)\.
}x
- attr_reader :check_ip_spoofing, :trusted_proxies
+ attr_reader :check_ip, :proxies
def initialize(app, check_ip_spoofing = true, custom_proxies = nil)
@app = app
- @check_ip_spoofing = check_ip_spoofing
+ @check_ip = check_ip_spoofing
if custom_proxies
- custom_regexp = Regexp.new(custom_proxies, "i")
- @trusted_proxies = Regexp.union(TRUSTED_PROXIES, custom_regexp)
+ custom_regexp = Regexp.new(custom_proxies)
+ @proxies = Regexp.union(TRUSTED_PROXIES, custom_regexp)
else
- @trusted_proxies = TRUSTED_PROXIES
+ @proxies = TRUSTED_PROXIES
end
end
@@ -33,7 +33,9 @@ module ActionDispatch
class GetIp
def initialize(env, middleware)
- @env, @middleware = env, middleware
+ @env = env
+ @middleware = middleware
+ @calculated_ip = false
end
# Determines originating IP address. REMOTE_ADDR is the standard
@@ -42,27 +44,36 @@ module ActionDispatch
# HTTP_X_FORWARDED_FOR may be a comma-delimited list in the case of
# multiple chained proxies. The last address which is not a known proxy
# will be the originating IP.
- def to_s
+ def calculate_ip
client_ip = @env['HTTP_CLIENT_IP']
forwarded_ips = ips_from('HTTP_X_FORWARDED_FOR')
remote_addrs = ips_from('REMOTE_ADDR')
- check_ip = client_ip && @middleware.check_ip_spoofing
+ check_ip = client_ip && @middleware.check_ip
if check_ip && !forwarded_ips.include?(client_ip)
# We don't know which came from the proxy, and which from the user
raise IpSpoofAttackError, "IP spoofing attack?!" \
- "HTTP_CLIENT_IP=#{env['HTTP_CLIENT_IP'].inspect}" \
- "HTTP_X_FORWARDED_FOR=#{env['HTTP_X_FORWARDED_FOR'].inspect}"
+ "HTTP_CLIENT_IP=#{@env['HTTP_CLIENT_IP'].inspect}" \
+ "HTTP_X_FORWARDED_FOR=#{@env['HTTP_X_FORWARDED_FOR'].inspect}"
end
- client_ip || forwarded_ips.last || remote_addrs.last
+ not_proxy = client_ip || forwarded_ips.last || remote_addrs.first
+
+ # Return first REMOTE_ADDR if there are no other options
+ not_proxy || ips_from('REMOTE_ADDR', :allow_proxies).first
+ end
+
+ def to_s
+ return @ip if @calculated_ip
+ @calculated_ip = true
+ @ip = calculate_ip
end
protected
- def ips_from(header)
+ def ips_from(header, allow_proxies = false)
ips = @env[header] ? @env[header].strip.split(/[,\s]+/) : []
- ips.reject{|ip| ip =~ @middleware.trusted_proxies }
+ allow_proxies ? ips : ips.reject{|ip| ip =~ @middleware.proxies }
end
end
diff --git a/actionpack/lib/action_dispatch/middleware/show_exceptions.rb b/actionpack/lib/action_dispatch/middleware/show_exceptions.rb
index 2fa68c64c5..8dc2820d37 100644
--- a/actionpack/lib/action_dispatch/middleware/show_exceptions.rb
+++ b/actionpack/lib/action_dispatch/middleware/show_exceptions.rb
@@ -2,6 +2,7 @@ require 'active_support/core_ext/exception'
require 'action_controller/metal/exceptions'
require 'active_support/notifications'
require 'action_dispatch/http/request'
+require 'active_support/deprecation'
module ActionDispatch
# This middleware rescues any exception returned by the application and renders
@@ -38,9 +39,9 @@ module ActionDispatch
"application's log file and/or the web server's log file to find out what " <<
"went wrong.</body></html>"]]
- def initialize(app, consider_all_requests_local = false)
+ def initialize(app, consider_all_requests_local = nil)
+ ActiveSupport::Deprecation.warn "Passing consider_all_requests_local option to ActionDispatch::ShowExceptions middleware no longer works" unless consider_all_requests_local.nil?
@app = app
- @consider_all_requests_local = consider_all_requests_local
end
def call(env)
@@ -62,14 +63,13 @@ module ActionDispatch
private
def render_exception(env, exception)
- log_error(exception)
+ log_error(env, exception)
exception = original_exception(exception)
- request = Request.new(env)
- if @consider_all_requests_local || request.local?
- rescue_action_locally(request, exception)
+ if env['action_dispatch.show_detailed_exceptions'] == true
+ rescue_action_diagnostics(env, exception)
else
- rescue_action_in_public(exception)
+ rescue_action_error_page(exception)
end
rescue Exception => failsafe_error
$stderr.puts "Error during failsafe response: #{failsafe_error}\n #{failsafe_error.backtrace * "\n "}"
@@ -78,9 +78,9 @@ module ActionDispatch
# Render detailed diagnostics for unhandled exceptions rescued from
# a controller action.
- def rescue_action_locally(request, exception)
+ def rescue_action_diagnostics(env, exception)
template = ActionView::Base.new([RESCUES_TEMPLATE_PATH],
- :request => request,
+ :request => Request.new(env),
:exception => exception,
:application_trace => application_trace(exception),
:framework_trace => framework_trace(exception),
@@ -98,7 +98,7 @@ module ActionDispatch
# it will first attempt to render the file at <tt>public/500.da.html</tt>
# then attempt to render <tt>public/500.html</tt>. If none of them exist,
# the body of the response will be left empty.
- def rescue_action_in_public(exception)
+ def rescue_action_error_page(exception)
status = status_code(exception)
locale_path = "#{public_path}/#{status}.#{I18n.locale}.html" if I18n.locale
path = "#{public_path}/#{status}.html"
@@ -124,14 +124,14 @@ module ActionDispatch
defined?(Rails.public_path) ? Rails.public_path : 'public_path'
end
- def log_error(exception)
- return unless logger
+ def log_error(env, exception)
+ return unless logger(env)
ActiveSupport::Deprecation.silence do
message = "\n#{exception.class} (#{exception.message}):\n"
message << exception.annoted_source_code.to_s if exception.respond_to?(:annoted_source_code)
message << " " << application_trace(exception).join("\n ")
- logger.fatal("#{message}\n\n")
+ logger(env).fatal("#{message}\n\n")
end
end
@@ -153,8 +153,12 @@ module ActionDispatch
exception.backtrace
end
- def logger
- defined?(Rails.logger) ? Rails.logger : Logger.new($stderr)
+ def logger(env)
+ env['action_dispatch.logger'] || stderr_logger
+ end
+
+ def stderr_logger
+ Logger.new($stderr)
end
def original_exception(exception)
diff --git a/actionpack/lib/action_dispatch/middleware/templates/rescues/layout.erb b/actionpack/lib/action_dispatch/middleware/templates/rescues/layout.erb
index 6e71fd7ddc..1a308707d1 100644
--- a/actionpack/lib/action_dispatch/middleware/templates/rescues/layout.erb
+++ b/actionpack/lib/action_dispatch/middleware/templates/rescues/layout.erb
@@ -16,6 +16,7 @@
background-color: #eee;
padding: 10px;
font-size: 11px;
+ white-space: pre-wrap;
}
a { color: #000; }
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-15 16:18:01 +0000