mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
cb23580684
Similar to #38998 (fixed in #40246), HTTP method validation occurring whenever methods are called on `ActionDispatch::Request` can cause some weird unintended consequences. For example, if `config.exceptions_app = self.routes`, you get an exception raised via the `ActionDispatch::ShowExceptions` middleware failsafe: ``` Started TEST "/" for 127.0.0.1 at 2020-11-05 15:40:31 -0500 (1.0ms) SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC TEST, accepted HTTP methods are OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, VERSION-CONTROL, REPORT, CHECKOUT, CHECKIN, UNCHECKOUT, MKWORKSPACE, UPDATE, LABEL, MERGE, BASELINE-CONTROL, MKACTIVITY, ORDERPATCH, ACL, SEARCH, MKCALENDAR, and PATCH excluded from capture: DSN not set ActionController::UnknownHttpMethod (TEST, accepted HTTP methods are OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, VERSION-CONTROL, REPORT, CHECKOUT, CHECKIN, UNCHECKOUT, MKWORKSPACE, UPDATE, LABEL, MERGE, BASELINE-CONTROL, MKACTIVITY, ORDERPATCH, ACL, SEARCH, MKCALENDAR, and PATCH): actionpack (6.0.3.4) lib/action_dispatch/http/request.rb:431:in `check_method' actionpack (6.0.3.4) lib/action_dispatch/http/request.rb:143:in `request_method' rack (2.2.3) lib/rack/request.rb:187:in `head?' actionpack (6.0.3.4) lib/action_dispatch/journey/router.rb:113:in `find_routes' actionpack (6.0.3.4) lib/action_dispatch/journey/router.rb:32:in `serve' actionpack (6.0.3.4) lib/action_dispatch/routing/route_set.rb:834:in `call' Error during failsafe response: TEST, accepted HTTP methods are OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, VERSION-CONTROL, REPORT, CHECKOUT, CHECKIN, UNCHECKOUT, MKWORKSPACE, UPDATE, LABEL, MERGE, BASELINE-CONTROL, MKACTIVITY, ORDERPATCH, ACL, SEARCH, MKCALENDAR, and PATCH /usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/http/request.rb:431:in `check_method' /usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/http/request.rb:143:in `request_method' /usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/rack-2.2.3/lib/rack/request.rb:187:in `head?' /usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/journey/router.rb:113:in `find_routes' /usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/journey/router.rb:32:in `serve' /usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/routing/route_set.rb:834:in `call' /usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/middleware/show_exceptions.rb:50:in `render_exception' /usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/middleware/show_exceptions.rb:36:in `rescue in call' /usr/local/var/rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/actionpack-6.0.3.4/lib/action_dispatch/middleware/show_exceptions.rb:31:in `call' # ... ``` Now, to prevent the redundant exception, we overwrite `request_method` before passing `env` down to `config.exceptions_app`. `action_dispatch.original_request_method` is set to keep the original request method available for inspection.
63 lines
2.6 KiB
Ruby
63 lines
2.6 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require "action_dispatch/http/request"
|
|
require "action_dispatch/middleware/exception_wrapper"
|
|
|
|
module ActionDispatch
|
|
# This middleware rescues any exception returned by the application
|
|
# and calls an exceptions app that will wrap it in a format for the end user.
|
|
#
|
|
# The exceptions app should be passed as parameter on initialization
|
|
# of ShowExceptions. Every time there is an exception, ShowExceptions will
|
|
# store the exception in env["action_dispatch.exception"], rewrite the
|
|
# PATH_INFO to the exception status code and call the Rack app.
|
|
#
|
|
# If the application returns a "X-Cascade" pass response, this middleware
|
|
# will send an empty response as result with the correct status code.
|
|
# If any exception happens inside the exceptions app, this middleware
|
|
# catches the exceptions and returns a FAILSAFE_RESPONSE.
|
|
class ShowExceptions
|
|
FAILSAFE_RESPONSE = [500, { "Content-Type" => "text/plain" },
|
|
["500 Internal Server Error\n" \
|
|
"If you are the administrator of this website, then please read this web " \
|
|
"application's log file and/or the web server's log file to find out what " \
|
|
"went wrong."]]
|
|
|
|
def initialize(app, exceptions_app)
|
|
@app = app
|
|
@exceptions_app = exceptions_app
|
|
end
|
|
|
|
def call(env)
|
|
request = ActionDispatch::Request.new env
|
|
@app.call(env)
|
|
rescue Exception => exception
|
|
if request.show_exceptions?
|
|
render_exception(request, exception)
|
|
else
|
|
raise exception
|
|
end
|
|
end
|
|
|
|
private
|
|
def render_exception(request, exception)
|
|
backtrace_cleaner = request.get_header "action_dispatch.backtrace_cleaner"
|
|
wrapper = ExceptionWrapper.new(backtrace_cleaner, exception)
|
|
status = wrapper.status_code
|
|
request.set_header "action_dispatch.exception", wrapper.unwrapped_exception
|
|
request.set_header "action_dispatch.original_path", request.path_info
|
|
request.set_header "action_dispatch.original_request_method", request.raw_request_method
|
|
request.path_info = "/#{status}"
|
|
request.request_method = "GET"
|
|
response = @exceptions_app.call(request.env)
|
|
response[1]["X-Cascade"] == "pass" ? pass_response(status) : response
|
|
rescue Exception => failsafe_error
|
|
$stderr.puts "Error during failsafe response: #{failsafe_error}\n #{failsafe_error.backtrace * "\n "}"
|
|
FAILSAFE_RESPONSE
|
|
end
|
|
|
|
def pass_response(status)
|
|
[status, { "Content-Type" => "text/html; charset=#{Response.default_charset}", "Content-Length" => "0" }, []]
|
|
end
|
|
end
|
|
end
|