From 3cc91bc1ab6618d08927ed1ba6cabed103e1117c Mon Sep 17 00:00:00 2001 From: mihaic195 Date: Tue, 18 Jan 2022 15:33:43 +0200 Subject: [PATCH] Update rails-on-rack guide on internal middlewares stack --- guides/source/api_app.md | 1 + guides/source/rails_on_rack.md | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/guides/source/api_app.md b/guides/source/api_app.md index 912c71ea18..a3ff00b25f 100644 --- a/guides/source/api_app.md +++ b/guides/source/api_app.md @@ -203,6 +203,7 @@ An API application comes with the following middleware by default: - `Rack::Sendfile` - `ActionDispatch::Static` - `ActionDispatch::Executor` +- `ActionDispatch::ServerTiming` - `ActiveSupport::Cache::Strategy::LocalCache::Middleware` - `Rack::Runtime` - `ActionDispatch::RequestId` diff --git a/guides/source/rails_on_rack.md b/guides/source/rails_on_rack.md index 2c77ed7890..ddb442bc2d 100644 --- a/guides/source/rails_on_rack.md +++ b/guides/source/rails_on_rack.md @@ -103,9 +103,11 @@ $ bin/rails middleware For a freshly generated Rails application, this might produce something like: ```ruby +use ActionDispatch::HostAuthorization use Rack::Sendfile use ActionDispatch::Static use ActionDispatch::Executor +use ActionDispatch::ServerTiming use ActiveSupport::Cache::Strategy::LocalCache::Middleware use Rack::Runtime use Rack::MethodOverride @@ -217,6 +219,10 @@ config.middleware.delete! ActionDispatch::Executor Much of Action Controller's functionality is implemented as Middlewares. The following list explains the purpose of each of them: +**`ActionDispatch::HostAuthorization`** + +* Guards from DNS rebinding attacks by explicitly permitting the hosts a request can be sent to. See the [configuration guide](configuring.html#actiondispatch-hostauthorization) for configuration instructions. + **`Rack::Sendfile`** * Sets server specific X-Sendfile header. Configure this via `config.action_dispatch.x_sendfile_header` option. @@ -233,6 +239,10 @@ Much of Action Controller's functionality is implemented as Middlewares. The fol * Used for thread safe code reloading during development. +**`ActionDispatch::ServerTiming`** + +* Sets a [`Server-Timing`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Server-Timing) header containing performance metrics for the request. + **`ActiveSupport::Cache::Strategy::LocalCache::Middleware`** * Used for memory caching. This cache is not thread safe.