From 779bc9987d9e94af2959e3903ee6a4976c00f3d4 Mon Sep 17 00:00:00 2001
From: Adrianna Chang <adrianna.chang@shopify.com>
Date: Wed, 25 Nov 2020 16:15:53 -0500
Subject: [PATCH] Only use ActionDispatch::ActionableExceptions middleware if
 local env

When building the default middleware stack, the ActionDispatch::ActionableExceptions
middleware should only be used if the configuration has :consider_all_requests_local
set to true.

There is an existing check #actionable_request? in ActionableExceptions
that will prevent actionable exceptions from being dispatched, which
relies on the "action_dispatch.show_detailed_exceptions" header being
set to false. This check should remain in place as a second line of defense
in case the ActionableExceptions middleware is added back to the application.

However, we can go ahead and remove the middleware from the default stack
when the environment is not local.
---
 .../application/default_middleware_stack.rb   |  5 ++-
 railties/test/application/middleware_test.rb  | 36 ++++++++++++++++++-
 2 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/railties/lib/rails/application/default_middleware_stack.rb b/railties/lib/rails/application/default_middleware_stack.rb
index 6d64baab4c..5a766dd60a 100644
--- a/railties/lib/rails/application/default_middleware_stack.rb
+++ b/railties/lib/rails/application/default_middleware_stack.rb
@@ -50,7 +50,10 @@ module Rails
           middleware.use ::Rails::Rack::Logger, config.log_tags
           middleware.use ::ActionDispatch::ShowExceptions, show_exceptions_app
           middleware.use ::ActionDispatch::DebugExceptions, app, config.debug_exception_response_format
-          middleware.use ::ActionDispatch::ActionableExceptions
+
+          if config.consider_all_requests_local
+            middleware.use ::ActionDispatch::ActionableExceptions
+          end
 
           unless config.cache_classes
             middleware.use ::ActionDispatch::Reloader, app.reloader
diff --git a/railties/test/application/middleware_test.rb b/railties/test/application/middleware_test.rb
index 90aa9aa1dd..ebd37a35a8 100644
--- a/railties/test/application/middleware_test.rb
+++ b/railties/test/application/middleware_test.rb
@@ -24,6 +24,41 @@ module ApplicationTests
 
       boot!
 
+      assert_equal [
+        "Webpacker::DevServerProxy",
+        "ActionDispatch::HostAuthorization",
+        "Rack::Sendfile",
+        "ActionDispatch::Static",
+        "ActionDispatch::Executor",
+        "ActiveSupport::Cache::Strategy::LocalCache",
+        "Rack::Runtime",
+        "Rack::MethodOverride",
+        "ActionDispatch::RequestId",
+        "ActionDispatch::RemoteIp",
+        "Rails::Rack::Logger",
+        "ActionDispatch::ShowExceptions",
+        "ActionDispatch::DebugExceptions",
+        "ActionDispatch::Reloader",
+        "ActionDispatch::Callbacks",
+        "ActiveRecord::Migration::CheckPending",
+        "ActionDispatch::Cookies",
+        "ActionDispatch::Session::CookieStore",
+        "ActionDispatch::Flash",
+        "ActionDispatch::ContentSecurityPolicy::Middleware",
+        "ActionDispatch::PermissionsPolicy::Middleware",
+        "Rack::Head",
+        "Rack::ConditionalGet",
+        "Rack::ETag",
+        "Rack::TempfileReaper"
+      ], middleware
+    end
+
+    test "default middleware stack when requests are local" do
+      add_to_config "config.consider_all_requests_local = true"
+      add_to_config "config.active_record.migration_error = :page_load"
+
+      boot!
+
       assert_equal [
         "Webpacker::DevServerProxy",
         "ActionDispatch::HostAuthorization",
@@ -72,7 +107,6 @@ module ApplicationTests
         "Rails::Rack::Logger",
         "ActionDispatch::ShowExceptions",
         "ActionDispatch::DebugExceptions",
-        "ActionDispatch::ActionableExceptions",
         "ActionDispatch::Reloader",
         "ActionDispatch::Callbacks",
         "Rack::Head",