From a70c7a2f53852248012559041235cc8ecdce2047 Mon Sep 17 00:00:00 2001 From: Brian Knight <776994+brianknight10@users.noreply.github.com> Date: Tue, 20 Jul 2021 16:39:21 -0400 Subject: [PATCH] Add host authorization middleware options to the config guide --- guides/source/configuring.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/guides/source/configuring.md b/guides/source/configuring.md index 8037b63112..08bb7d3ddd 100644 --- a/guides/source/configuring.md +++ b/guides/source/configuring.md 
@@ -274,6 +274,28 @@ Every Rails application comes with a standard set of middleware which it uses in Rails.application.config.hosts << ".product.com" ``` + You can exclude certain requests from Host Authorization checks by setting + `config.host_configuration.exclude`: + + ```ruby + # Exclude requests for the /healthcheck/ path from host checking + Rails.application.config.host_configuration = { + exclude: ->(request) { request.path =~ /healthcheck/ } + } + ``` + + When a request comes to an unauthorized host, a default Rack application + will run and respond with `403 Forbidden`. This can be customized by setting + `config.host_configuration.response_app`. For example: + + ```ruby + Rails.application.config.host_configuration = { + response_app: -> env do + [400, { "Content-Type" => "text/plain" }, ["Bad Request"]] + end + } + ``` + * `ActionDispatch::SSL` forces every request to be served using HTTPS. Enabled if `config.force_ssl` is set to `true`. Options passed to this can be configured by setting `config.ssl_options`. * `ActionDispatch::Static` is used to serve static assets. Disabled if `config.public_file_server.enabled` is `false`. Set `config.public_file_server.index_name` if you need to serve a static directory index file that is not named `index`. For example, to serve `main.html` instead of `index.html` for directory requests, set `config.public_file_server.index_name` to `"main"`. * `ActionDispatch::Executor` allows thread safe code reloading. Disabled if `config.allow_concurrency` is `false`, which causes `Rack::Lock` to be loaded. `Rack::Lock` wraps the app in mutex so it can only be called by a single thread at a time.
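Review bot: The regex in the `exclude` example is unanchored: `request.path =~ /healthcheck/` matches any path that contains `healthcheck` anywhere, so host checking is skipped for more than the one path the comment names (for example `/admin/healthcheck_export`, a constructed path). Guide examples get copied verbatim, and this lambda turns off the Host header check for every request it matches, so suggest an exact comparison such as `exclude: ->(request) { request.path == "/healthcheck" }`, or a pattern anchored with `\A` and `\z` (not `^` and `$`, which match at line boundaries in Ruby). Two smaller points in the same hunk: the prose names `config.host_configuration.exclude` and `config.host_configuration.response_app` as if they were accessors, while both examples assign a whole hash to `config.host_configuration`, so an application that copies both snippets has the second assignment replace the first; a single example carrying both keys would avoid that. The text also calls the feature Host Authorization while the setting is spelled `host_configuration`; please check that name against the option the middleware actually reads.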