From eea28f4103f0a55e50ce750582317110c988afcd Mon Sep 17 00:00:00 2001
From: Daniel Colson <danieljamescolson@gmail.com>
Date: Sun, 28 Jan 2018 12:53:11 -0500
Subject: Allow @ in X-Request-Id header

It makes sense to be as strict as possible
with headers from the outside world,
but allowing @ to support Apache's mod_unique_id
(see #31644) seems OK to me
---
 actionpack/lib/action_dispatch/middleware/request_id.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'actionpack/lib')

diff --git a/actionpack/lib/action_dispatch/middleware/request_id.rb b/actionpack/lib/action_dispatch/middleware/request_id.rb
index 805d3f2148..da2871b551 100644
--- a/actionpack/lib/action_dispatch/middleware/request_id.rb
+++ b/actionpack/lib/action_dispatch/middleware/request_id.rb
@@ -30,7 +30,7 @@ module ActionDispatch
     private
       def make_request_id(request_id)
         if request_id.presence
-          request_id.gsub(/[^\w\-]/, "".freeze).first(255)
+          request_id.gsub(/[^\w\-@]/, "".freeze).first(255)
         else
           internal_request_id
         end
-- 
cgit v1.2.3