mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
1f767407cb
In the same way that requests may need to be excluded from forced SSL, requests may also need to be excluded from the Host Authorization checks. By providing this additional flexibility more applications will be able to enable Host Authorization while excluding requests that may not conform. For example, AWS Classic Load Balancers don't provide a Host header and cannot be configured to send one. This means that Host Authorization must be disabled to use the health check provided by the load balancer. This change will allow an application to exclude the health check requests from the Host Authorization requirements. I've modified the `ActionDispatch::HostAuthorization` middleware to accept arguments in a similar way to `ActionDispatch::SSL`. The hosts configuration setting still exists separately as does the hosts_response_app but I've tried to group the Host Authorization settings like the ssl_options. It may make sense to deprecate the global hosts_response_app if it's only used as part of the Host Authorization failure response. I've also updated the existing tests as the method signature changed and added new tests to verify the exclusion functionality. |
||
|---|---|---|
| .. | ||
| abstract | ||
| assertions | ||
| controller | ||
| dispatch | ||
| fixtures | ||
| journey | ||
| lib | ||
| routing | ||
| support | ||
| abstract_unit.rb | ||