mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
parent
b9eec677c4
commit
919888503d
4 changed files with 15 additions and 13 deletions
|
@ -15,6 +15,8 @@ module ActionDispatch
|
|||
include ActionDispatch::Http::Upload
|
||||
include ActionDispatch::Http::URL
|
||||
|
||||
LOCALHOST = [/^127\.0\.0\.\d{1,3}$/, "::1", /^0:0:0:0:0:0:0:1(%.*)?$/].freeze
|
||||
|
||||
%w[ AUTH_TYPE GATEWAY_INTERFACE
|
||||
PATH_TRANSLATED REMOTE_HOST
|
||||
REMOTE_IDENT REMOTE_USER REMOTE_ADDR
|
||||
|
@ -231,5 +233,10 @@ module ActionDispatch
|
|||
@env['X_HTTP_AUTHORIZATION'] ||
|
||||
@env['REDIRECT_X_HTTP_AUTHORIZATION']
|
||||
end
|
||||
|
||||
# True if the request came from localhost, 127.0.0.1.
|
||||
def local?
|
||||
LOCALHOST.any? { |local_ip| local_ip === remote_addr && local_ip === remote_ip }
|
||||
end
|
||||
end
|
||||
end
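Review bot: The two regexps in the new `LOCALHOST` constant (first hunk) are anchored with `^`/`$`, which in Ruby match at any line boundary rather than at the ends of the string, so a multi-line value containing a loopback-looking line would satisfy `local?`. Since `local?` now gates both the detailed exception pages and the info properties page, anchor the whole string instead: `LOCALHOST = [/\A127\.0\.0\.\d{1,3}\z/, "::1", /\A0:0:0:0:0:0:0:1(%.*)?\z/].freeze`. Whether `remote_ip` can ever carry such a value depends on header parsing that is not visible in these hunks, so treat this as hardening. The comment on `local?` would also be more accurate as `# True only if both remote_addr and remote_ip match the same LOCALHOST entry.` The enclosing module starts outside both hunks.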
|
||||
|
|
|
@ -6,8 +6,6 @@ module ActionDispatch
|
|||
# This middleware rescues any exception returned by the application and renders
|
||||
# nice exception pages if it's being rescued locally.
|
||||
class ShowExceptions
|
||||
LOCALHOST = [/^127\.0\.0\.\d{1,3}$/, "::1", /^0:0:0:0:0:0:0:1(%.*)?$/].freeze
|
||||
|
||||
RESCUES_TEMPLATE_PATH = File.join(File.dirname(__FILE__), 'templates')
|
||||
|
||||
cattr_accessor :rescue_responses
|
||||
|
@ -66,7 +64,7 @@ module ActionDispatch
|
|||
log_error(exception)
|
||||
|
||||
request = Request.new(env)
|
||||
if @consider_all_requests_local || local_request?(request)
|
||||
if @consider_all_requests_local || request.local?
|
||||
rescue_action_locally(request, exception)
|
||||
else
|
||||
rescue_action_in_public(exception)
|
||||
|
@ -112,11 +110,6 @@ module ActionDispatch
|
|||
end
|
||||
end
|
||||
|
||||
# True if the request came from localhost, 127.0.0.1.
|
||||
def local_request?(request)
|
||||
LOCALHOST.any? { |local_ip| local_ip === request.remote_addr && local_ip === request.remote_ip }
|
||||
end
|
||||
|
||||
def status_code(exception)
|
||||
Rack::Utils.status_code(@@rescue_responses[exception.class.name])
|
||||
end
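Review bot: Deleting `local_request?` outright (last hunk of this file, and the matching call in `Rails::InfoController#properties`) removes a hook with no deprecation step. Any application or subclass that redefined it to tighten the check would now be silently ignored, and `rescue_action_locally` would be reached on `request.local?` alone. Whether such overrides exist is not visible here, but this branch controls disclosure of detailed exception output, so a transitional shim is safer: keep `def local_request?(request); request.local?; end` with a deprecation warning and call it from the `if`. The method containing the changed `if` starts and ends outside the hunk.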
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
class Rails::InfoController < ActionController::Base
|
||||
def properties
|
||||
if consider_all_requests_local? || local_request?
|
||||
if consider_all_requests_local? || request.local?
|
||||
render :inline => Rails::Info.to_html
|
||||
else
|
||||
render :text => '<p>For security purposes, this information is only available to local requests.</p>', :status => :forbidden
|
||||
|
|
|
@ -14,26 +14,28 @@ class InfoControllerTest < ActionController::TestCase
|
|||
Rails.application.routes.draw do
|
||||
match '/rails/info/properties' => "rails/info#properties"
|
||||
end
|
||||
@controller.stubs(:consider_all_requests_local? => false, :local_request? => true)
|
||||
@request.stubs(:local? => true)
|
||||
@controller.stubs(:consider_all_requests_local? => false)
|
||||
@routes = Rails.application.routes
|
||||
|
||||
Rails::InfoController.send(:include, @routes.url_helpers)
|
||||
end
|
||||
|
||||
test "info controller does not allow remote requests" do
|
||||
@controller.stubs(:consider_all_requests_local? => false, :local_request? => false)
|
||||
@request.stubs(:local? => false)
|
||||
get :properties
|
||||
assert_response :forbidden
|
||||
end
|
||||
|
||||
test "info controller renders an error message when request was forbidden" do
|
||||
@controller.stubs(:consider_all_requests_local? => false, :local_request? => false)
|
||||
@request.stubs(:local? => false)
|
||||
get :properties
|
||||
assert_select 'p'
|
||||
end
|
||||
|
||||
test "info controller allows requests when all requests are considered local" do
|
||||
@controller.stubs(:consider_all_requests_local? => true, :local_request? => false)
|
||||
@request.stubs(:local? => false)
|
||||
@controller.stubs(:consider_all_requests_local? => true)
|
||||
get :properties
|
||||
assert_response :success
|
||||
end
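Review bot: Every case in this file now stubs `local?` on `@request`, so nothing in the commit exercises the moved `LOCALHOST` matching itself. A request-level test would pin the security-relevant behaviour: `local?` is true when `remote_addr` and `remote_ip` are both loopback, and false when only one of them is or when either is a non-loopback address. In the last test the `@request.stubs(:local? => false)` line is what shows that `consider_all_requests_local?` overrides a non-local request, so a short comment such as `# non-local request, allowed only by the global flag` would make that intent explicit.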
|
||||
|
|