aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch/middleware/debug_exceptions.rb
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #31634 from afcapel/reduce-routing-error-log-noiseRafael Mendonça França2019-07-161-3/+1
|\ | | | | | | Reduce log noise handling ActionController::RoutingErrors
| * Reduce log noise handling ActionController::RoutingErrorsAlberto Fernández Capel2019-05-281-3/+1
| | | | | | | | | | | | | | | | | | Each time a missing route is hit 32 lines of internal rails traces are written to the log. This is overly verbose and doesn't offer any actionable information to the user. With this change we'll still write an error message showing the route error but the trace will be omitted.
* | Enable `Layout/EmptyLinesAroundAccessModifier` copRyuta Kamizono2019-06-131-1/+0
|/ | | | | | | | | | | We sometimes say "✂️ newline after `private`" in a code review (e.g. https://github.com/rails/rails/pull/18546#discussion_r23188776, https://github.com/rails/rails/pull/34832#discussion_r244847195). Now `Layout/EmptyLinesAroundAccessModifier` cop have new enforced style `EnforcedStyle: only_before` (https://github.com/rubocop-hq/rubocop/pull/7059). That cop and enforced style will reduce the our code review cost.
* remove unused requires from debug_exceptionsyaojie2019-05-281-2/+0
|
* Manage ActionDispatch::ActionableExceptions from the default middleware stackGenadi Samokovarov2019-04-191-1/+1
|
* Introduce Actionable ErrorsGenadi Samokovarov2019-04-191-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Actionable errors let's you dispatch actions from Rails' error pages. This can help you save time if you have a clear action for the resolution of common development errors. The de-facto example are pending migrations. Every time pending migrations are found, a middleware raises an error. With actionable errors, you can run the migrations right from the error page. Other examples include Rails plugins that need to run a rake task to setup themselves. They can now raise actionable errors to run the setup straight from the error pages. Here is how to define an actionable error: ```ruby class PendingMigrationError < MigrationError #:nodoc: include ActiveSupport::ActionableError action "Run pending migrations" do ActiveRecord::Tasks::DatabaseTasks.migrate end end ``` To make an error actionable, include the `ActiveSupport::ActionableError` module and invoke the `action` class macro to define the action. An action needs a name and a procedure to execute. The name is shown as the name of a button on the error pages. Once clicked, it will invoke the given procedure.
* Fix annotated typoPrathamesh Sonpatki2019-03-291-1/+1
|
* Add the `Mime::Type::InvalidMimeType` error in the default rescue_response:Edouard CHIN2019-03-261-1/+5
| | | | | | | | | | | | | | | - https://github.com/rails/rails/pull/35604 introduced a vulnerability fix to raise an error in case the `HTTP_ACCEPT` headers contains malformated mime type. This will cause applications to throw a 500 if a User Agent sends an invalid header. This PR adds the `InvalidMimeType` in the default `rescue_responses` from the ExceptionWrapper and will return a 406. I looked up the HTTP/1.1 RFC and it doesn't stand what should be returned when the UA sends malformated mime type. Decided to get 406 as it seemed to be the status the better suited for this.
* Enable `Style/RedundantBegin` cop to avoid newly adding redundant begin blockRyuta Kamizono2018-12-211-5/+3
| | | | | | | | | | Currently we sometimes find a redundant begin block in code review (e.g. https://github.com/rails/rails/pull/33604#discussion_r209784205). I'd like to enable `Style/RedundantBegin` cop to avoid that, since rescue/else/ensure are allowed inside do/end blocks in Ruby 2.5 (https://bugs.ruby-lang.org/issues/12906), so we'd probably meets with that situation than before.
* Introduce a guard against DNS rebinding attacksGenadi Samokovarov2018-12-151-41/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The ActionDispatch::HostAuthorization is a new middleware that prevent against DNS rebinding and other Host header attacks. By default it is included only in the development environment with the following configuration: Rails.application.config.hosts = [ IPAddr.new("0.0.0.0/0"), # All IPv4 addresses. IPAddr.new("::/0"), # All IPv6 addresses. "localhost" # The localhost reserved domain. ] In other environments, `Rails.application.config.hosts` is empty and no Host header checks will be done. If you want to guard against header attacks on production, you have to manually permit the allowed hosts with: Rails.application.config.hosts << "product.com" The host of a request is checked against the hosts entries with the case operator (#===), which lets hosts support entries of type RegExp, Proc and IPAddr to name a few. Here is an example with a regexp. # Allow requests from subdomains like `www.product.com` and # `beta1.product.com`. Rails.application.config.hosts << /.*\.product\.com/ A special case is supported that allows you to permit all sub-domains: # Allow requests from subdomains like `www.product.com` and # `beta1.product.com`. Rails.application.config.hosts << ".product.com"
* Avoid extra array allocationsSamuel Cochran2018-11-291-2/+2
|
* Log exceptions atomicallySamuel Cochran2018-11-281-5/+8
| | | | | | When distributed over multiple logger calls the lines can become intermixed with other log statements. Combining them into a single logger call makes sure they always get logged together.
* Enable `Performance/UnfreezeString` copyuuji.yaginuma2018-09-231-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In Ruby 2.3 or later, `String#+@` is available and `+@` is faster than `dup`. ```ruby # frozen_string_literal: true require "bundler/inline" gemfile(true) do source "https://rubygems.org" gem "benchmark-ips" end Benchmark.ips do |x| x.report('+@') { +"" } x.report('dup') { "".dup } x.compare! end ``` ``` $ ruby -v benchmark.rb ruby 2.5.1p57 (2018-03-29 revision 63029) [x86_64-linux] Warming up -------------------------------------- +@ 282.289k i/100ms dup 187.638k i/100ms Calculating ------------------------------------- +@ 6.775M (± 3.6%) i/s - 33.875M in 5.006253s dup 3.320M (± 2.2%) i/s - 16.700M in 5.032125s Comparison: +@: 6775299.3 i/s dup: 3320400.7 i/s - 2.04x slower ```
* Show nested exceptions on the debug viewYuki Nishijima2018-07-151-14/+4
|
* Introduce ActionDispatch::DebugExceptions interceptorsGenadi Samokovarov2018-04-201-1/+23
| | | | | | | | | | | | | | Plugins interacting with the exceptions caught and displayed by ActionDispatch::DebugExceptions currently have to monkey patch it to get the much needed exception for their calculation. With DebugExceptions.register_interceptor, plugin authors can hook into DebugExceptions and process the exception, before being rendered. They can store it into the request and process it on the way back of the middleware chain execution or act on it straight in the interceptor. The interceptors can be play blocks, procs, lambdas or any object that responds to `#call`.
* [Action Pack] require => require_relativeAkira Matsuda2017-10-211-3/+3
| | | | | This basically reverts e9fca7668b9eba82bcc832cb0061459703368397, d08da958b9ae17d4bbe4c9d7db497ece2450db5f, d1fe1dcf8ab1c0210a37c2a78c1ee52cf199a66d, and 68eaf7b4d5f2bb56d939f71c5ece2d61cf6680a3
* [Action Pack] `rubocop -a --only Layout/EmptyLineAfterMagicComment`Koichi ITO2017-07-111-0/+1
|
* Prepare AP and AR to be frozen string friendlyKir Shatrov2017-07-061-1/+2
|
* [Action Dispatch] require => require_relativeAkira Matsuda2017-07-011-3/+3
|
* Define path with __dir__bogdanvlviv2017-05-231-1/+1
| | | | | | ".. with __dir__ we can restore order in the Universe." - by @fxn Related to 5b8738c2df003a96f0e490c43559747618d10f5f
* Format and send logs to logger.fatal from DebugExceptions instead of calling ↵Vipul A M2016-11-121-1/+5
| | | | | | fatal multiple times. Expose tags_text from TaggedLogging to be used for log formatting Fixes #26134
* Support plain loggers in DebugExceptionsGenadi Samokovarov2016-10-281-1/+3
| | | | | | | | | | | | | | I have been seeing people setting `Logger` instances for `config.logger` and it blowing up on `rails/web-console` usage. Now, I doubt many folks are manually setting `ActionView::Base.logger`, but given that `DebugExceptions` is running in a pretty fragile environment already, having it crash (and being silent) in those cases can be pretty tricky to trace down. I'm proposing we verify whether the `ActionView::Base.logger` supports silencing before we try to do it, to save us the headache of tracing it down.
* Add three new rubocop rulesRafael Mendonça França2016-08-161-1/+1
| | | | | | | | Style/SpaceBeforeBlockBraces Style/SpaceInsideBlockBraces Style/SpaceInsideHashLiteralBraces Fix all violations in the repository.
* normalizes indentation and whitespace across the projectXavier Noria2016-08-061-98/+98
|
* applies new string literal convention in actionpack/libXavier Noria2016-08-061-18/+18
| | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* Silence DebugExceptions template render logs during exceptionsGenadi Samokovarov2016-07-021-0/+8
| | | | | | | | | | | | When an exception is raised, those Action View rendering logs are just noise for the end developer. I recently silenced those from Web Console, as we do use Action View rendering in it as well. It used created a half a screen of rendering logs. I think we can save those in this recent push for cleaner development logs. Now, the silencing is a bit hacky and we have a bunch of it now, so we can also invest in turning off the logs directly from Action View objects instead of silencing off the logging stream.
* API only apps: Preserve request format for HTML requests tooPrathamesh Sonpatki2016-05-111-8/+12
| | | | | | | | | | | | | - Earlier we were responding with JSON format for HTML requests in a API app. - Now we will respond with HTML format for such requests in API apps. - Also earlier we were not testing the API app's JSON requests properly. We were actually sending HTML requests. Now we send correct JSON requests. Also added more test coverage. - Based on the discussion from this commit - https://github.com/rails/rails/commit/05d89410bf97d0778e78558db3c9fed275f8a614. [Prathamesh Sonpatki, Jorge Bejar]
* Fix code styleRafael Mendonça França2016-02-171-3/+4
| | | | This change was added in #23203 and it was not conforming our code style.
* WIP: Errors in logs should show log tags as well.Vipul A M2016-02-121-7/+11
| | | | | | | - Changed formatted_code_for to return array of logs to be tagged for each line - Changed some render tests to match new behaviour of return Fixes #22979
* Avoid warning because of the mime typeJorge Bejar2015-12-091-1/+1
|
* DebugException initialize with a response_format valueJorge Bejar2015-12-091-6/+7
|
* Better name for method in DebugExceptions middlewareJorge Bejar2015-12-091-2/+2
|
* Minor cleanup in AD::DebugExceptionsJorge Bejar2015-12-091-6/+9
|
* Remove unneeded args in AD::DebugExceptionsJorge Bejar2015-12-091-1/+0
|
* New hash syntax in AD::DebugExceptionsJorge Bejar2015-12-091-4/+4
|
* Fix some edge cases in AD::DebugExceptions in rails api appsJorge Bejar2015-12-091-41/+64
|
* Response when error should be formatted properly in Rails API if local requestJorge Bejar2015-12-091-2/+15
|
* remove env access from debug_exceptionsAaron Patterson2015-08-231-10/+9
| | | | Creates fewer request objects and helps to abstract away from internals
* ask the request if we should show exceptionsAaron Patterson2015-08-061-1/+2
| | | | | hide the env key in the request object so that other code doesn't need to know.
* ExceptionWrapper doesn't need to know about `env`Aaron Patterson2015-08-061-1/+2
| | | | | | ExceptionWrapper only cares about the backtrace cleaner, so lets just pass the cleaner to the wrapper. It does not need to know that env exists or what key the backtrace cleaner is stored in
* Action View is needed for DebugExceptionsRafael Mendonça França2014-12-021-0/+2
| | | | We should remove this dependency later.
* Refactor debug viewKir Shatrov2014-12-021-1/+29
| | | Avoid logic in ERB and use helpers
* Merge pull request #17630 from gsamokovarov/exception-wrapper-source-extractGuillermo Iguaran2014-11-161-1/+1
|\ | | | | Rename #source_extract to #source_extracts in ExceptionWrapper
| * Rename #source_extract to #source_extracts in ExceptionWrapperGenadi Samokovarov2014-11-161-1/+1
| | | | | | | | | | It returns multiple source extracts since 1ed264bc. Also cleaned its result structure, as we no longer need the file in a code extract.
* | Don't show full trace on routing errorsGenadi Samokovarov2014-11-161-1/+1
|/ | | | | | | | | | Since dbcbbcf2bc58e8971672b143d1c52c0244e33f26 the full trace is shown by default on routing errors. While this is a nice feature to have, it does take the attention off the routes table in this view and I think this is what most of the people look for in this page. Added an exception to the default trace switching rule to remove that noise.
* Move DebugExceptions#traces_from_wrapper to ExceptionWrapperGenadi Samokovarov2014-11-031-29/+1
| | | | | ActionDispatch::ExceptionWrapper seems to be the more natural place for this method to live in.
* Show the user’s application in the source window and select the correct ↵Byron Bischoff2014-10-231-23/+33
| | | | trace list, closes #17312
* Retrieve source code for the entire stack traceRyan Dao2014-08-081-3/+32
| | | | | | Provide the ability to extract the source code of the entire exception stack trace, not just the frame raising the error. This improves debugging capability of the error page, especially for framework-related errors.
* Display exceptions in text format for xhr requestKir Shatrov2013-08-221-13/+21
|
* remove begin-rescue in favor of def-rescueGosha Arinich2013-01-071-10/+9
|