This reverts commit 37423e4ff8
.
Jeremy is right that we shouldn't remove this. The fact is that many
engines are depending on this middleware to be in the default stack.
This ties our hands and forces us to keep the middleware in the stack so
that engines will work. To be extremely clear, I think this is another
smell of "the rack stack" that we have in place. When manipulating
middleware, we should have meaningful names for places in the req / res
lifecycle **not** have engines depend on a particular constant be in a
particular place in the stack. This is a weakness of the API that we
have to figure out a way to address before removing the constant.
As far as timing attacks are concerned, we can reduce the granularity
such that it isn't useful information for hackers, but is still useful
for developers.
9.4 KiB
DO NOT READ THIS FILE ON GITHUB, GUIDES ARE PUBLISHED ON http://guides.rubyonrails.org.
Rails on Rack
This guide covers Rails integration with Rack and interfacing with other Rack components.
After reading this guide, you will know:
- How to use Rack Middlewares in your Rails applications.
- Action Pack's internal Middleware stack.
- How to define a custom Middleware stack.
WARNING: This guide assumes a working knowledge of Rack protocol and Rack concepts such as middlewares, url maps and Rack::Builder
.
Introduction to Rack
Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.
Explaining Rack is not really in the scope of this guide. In case you are not familiar with Rack's basics, you should check out the Resources section below.
Rails on Rack
Rails Application's Rack Object
Rails.application
is the primary Rack application object of a Rails
application. Any Rack compliant web server should be using
Rails.application
object to serve a Rails application.
rails server
rails server
does the basic job of creating a Rack::Server
object and starting the webserver.
Here's how rails server
creates an instance of Rack::Server
Rails::Server.new.tap do |server|
require APP_PATH
Dir.chdir(Rails.application.root)
server.start
end
The Rails::Server
inherits from Rack::Server
and calls the Rack::Server#start
method this way:
class Server < ::Rack::Server
def start
...
super
end
end
rackup
To use rackup
instead of Rails' rails server
, you can put the following inside config.ru
of your Rails application's root directory:
# Rails.root/config.ru
require ::File.expand_path('../config/environment', __FILE__)
run Rails.application
And start the server:
$ rackup config.ru
To find out more about different rackup
options:
$ rackup --help
Development and auto-reloading
Middlewares are loaded once and are not monitored for changes. You will have to restart the server for changes to be reflected in the running application.
Action Dispatcher Middleware Stack
Many of Action Dispatcher's internal components are implemented as Rack middlewares. Rails::Application
uses ActionDispatch::MiddlewareStack
to combine various internal and external middlewares to form a complete Rails Rack application.
NOTE: ActionDispatch::MiddlewareStack
is Rails equivalent of Rack::Builder
, but built for better flexibility and more features to meet Rails' requirements.
Inspecting Middleware Stack
Rails has a handy rake task for inspecting the middleware stack in use:
$ bin/rake middleware
For a freshly generated Rails application, this might produce something like:
use Rack::Sendfile
use ActionDispatch::Static
use Rack::Lock
use #<ActiveSupport::Cache::Strategy::LocalCache::Middleware:0x000000029a0838>
use Rack::Runtime
use Rack::MethodOverride
use ActionDispatch::RequestId
use Rails::Rack::Logger
use ActionDispatch::ShowExceptions
use ActionDispatch::DebugExceptions
use ActionDispatch::RemoteIp
use ActionDispatch::Reloader
use ActionDispatch::Callbacks
use ActiveRecord::Migration::CheckPending
use ActiveRecord::ConnectionAdapters::ConnectionManagement
use ActiveRecord::QueryCache
use ActionDispatch::Cookies
use ActionDispatch::Session::CookieStore
use ActionDispatch::Flash
use Rack::Head
use Rack::ConditionalGet
use Rack::ETag
run Rails.application.routes
The default middlewares shown here (and some others) are each summarized in the Internal Middlewares section, below.
Configuring Middleware Stack
Rails provides a simple configuration interface config.middleware
for adding, removing and modifying the middlewares in the middleware stack via application.rb
or the environment specific configuration file environments/<environment>.rb
.
Adding a Middleware
You can add a new middleware to the middleware stack using any of the following methods:
-
config.middleware.use(new_middleware, args)
- Adds the new middleware at the bottom of the middleware stack. -
config.middleware.insert_before(existing_middleware, new_middleware, args)
- Adds the new middleware before the specified existing middleware in the middleware stack. -
config.middleware.insert_after(existing_middleware, new_middleware, args)
- Adds the new middleware after the specified existing middleware in the middleware stack.
# config/application.rb
# Push Rack::BounceFavicon at the bottom
config.middleware.use Rack::BounceFavicon
# Add Lifo::Cache after ActiveRecord::QueryCache.
# Pass { page_cache: false } argument to Lifo::Cache.
config.middleware.insert_after ActiveRecord::QueryCache, Lifo::Cache, page_cache: false
Swapping a Middleware
You can swap an existing middleware in the middleware stack using config.middleware.swap
.
# config/application.rb
# Replace ActionDispatch::ShowExceptions with Lifo::ShowExceptions
config.middleware.swap ActionDispatch::ShowExceptions, Lifo::ShowExceptions
Deleting a Middleware
Add the following lines to your application configuration:
# config/application.rb
config.middleware.delete Rack::Lock
And now if you inspect the middleware stack, you'll find that Rack::Lock
is
not a part of it.
$ bin/rake middleware
(in /Users/lifo/Rails/blog)
use ActionDispatch::Static
use #<ActiveSupport::Cache::Strategy::LocalCache::Middleware:0x00000001c304c8>
use Rack::Runtime
...
run Rails.application.routes
If you want to remove session related middleware, do the following:
# config/application.rb
config.middleware.delete ActionDispatch::Cookies
config.middleware.delete ActionDispatch::Session::CookieStore
config.middleware.delete ActionDispatch::Flash
And to remove browser related middleware,
# config/application.rb
config.middleware.delete Rack::MethodOverride
Internal Middleware Stack
Much of Action Controller's functionality is implemented as Middlewares. The following list explains the purpose of each of them:
Rack::Sendfile
- Sets server specific X-Sendfile header. Configure this via
config.action_dispatch.x_sendfile_header
option.
ActionDispatch::Static
- Used to serve static files. Disabled if
config.serve_static_files
isfalse
.
Rack::Lock
- Sets
env["rack.multithread"]
flag tofalse
and wraps the application within a Mutex.
ActiveSupport::Cache::Strategy::LocalCache::Middleware
- Used for memory caching. This cache is not thread safe.
Rack::Runtime
- Sets an X-Runtime header, containing the time (in seconds) taken to execute the request.
Rack::MethodOverride
- Allows the method to be overridden if
params[:_method]
is set. This is the middleware which supports the PUT and DELETE HTTP method types.
ActionDispatch::RequestId
- Makes a unique
X-Request-Id
header available to the response and enables theActionDispatch::Request#request_id
method.
Rails::Rack::Logger
- Notifies the logs that the request has began. After request is complete, flushes all the logs.
ActionDispatch::ShowExceptions
- Rescues any exception returned by the application and calls an exceptions app that will wrap it in a format for the end user.
ActionDispatch::DebugExceptions
- Responsible for logging exceptions and showing a debugging page in case the request is local.
ActionDispatch::RemoteIp
- Checks for IP spoofing attacks.
ActionDispatch::Reloader
- Provides prepare and cleanup callbacks, intended to assist with code reloading during development.
ActionDispatch::Callbacks
- Provides callbacks to be executed before and after dispatching the request.
ActiveRecord::Migration::CheckPending
- Checks pending migrations and raises
ActiveRecord::PendingMigrationError
if any migrations are pending.
ActiveRecord::ConnectionAdapters::ConnectionManagement
- Cleans active connections after each request, unless the
rack.test
key in the request environment is set totrue
.
ActiveRecord::QueryCache
- Enables the Active Record query cache.
ActionDispatch::Cookies
- Sets cookies for the request.
ActionDispatch::Session::CookieStore
- Responsible for storing the session in cookies.
ActionDispatch::Flash
- Sets up the flash keys. Only available if
config.action_controller.session_store
is set to a value.
Rack::Head
- Converts HEAD requests to
GET
requests and serves them as so.
Rack::ConditionalGet
- Adds support for "Conditional
GET
" so that server responds with nothing if page wasn't changed.
Rack::ETag
- Adds ETag header on all String bodies. ETags are used to validate cache.
TIP: It's possible to use any of the above middlewares in your custom Rack stack.