Rack::ShowExceptions enabled in production Rails 4.0.4

808 views Asked by At

Running into a odd issue where Rack::ShowExceptions is rendering detailed exceptions for my rails 4.0.4 app in the production environment. Adding a config.middleware.delete(Rack::ShowExceptions) to config/application.rb still managed to result in the Rack::ShowExceptions template being rendered, and as such I expect there is some middleware dependency lurking.

For example, hitting the app with an unescaped % in a POST request lead to the Rack::ShowExceptions template being rendered:

Sample invalid POST request:

POST /en/users/sign_in HTTP/1.1
Host: www.localhost.dev
Proxy-Connection: keep-alive
Content-Length: 1
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://www.localhost.dev
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8

%

Rack middleware:

$ RAILS_ENV=production rake middleware
use Raven::Rack
use HttpMethodNotAllowed
use ActionDispatch::SSL
use Rack::Sendfile
use ActionDispatch::Static
use #<ActiveSupport::Cache::Strategy::LocalCache::Middleware:0x007feba5b8b940>
use Rack::Runtime
use Rack::MethodOverride
use ActionDispatch::RequestId
use RequestStore::Middleware
use Rails::Rack::Logger
use ActionDispatch::ShowExceptions
use ActionDispatch::DebugExceptions
use ActionDispatch::RemoteIp
use ActionDispatch::Callbacks
use ActiveRecord::ConnectionAdapters::ConnectionManagement
use ActiveRecord::QueryCache
use ActionDispatch::Cookies
use ActionDispatch::Session::CookieStore
use ActionDispatch::Flash
use ActionDispatch::ParamsParser
use Rack::Head
use Rack::ConditionalGet
use Rack::ETag
use Warden::Manager
run MyApplication::Application.routes

We have config.exceptions_add = self.routes in config/application.rb if that's relevant.

I have given the ActionPack CHANGELOG a pretty close read, but it's quite possible that this issue has been fixed in a later release! If so, I would greatly appreciate a reference to it.

2

There are 2 answers

0
pixeltrix On

If you mean you have config.exceptions_app = self.routes then don't do that. You're shoving the exceptional state back into the app that raised that exceptional state so it's likely not do what you want. What's wrong with the default failure app?

0
John Leach On

Make sure you have RACK_ENV set to production as well as RAILS_ENV.

If RACK_ENV is not set, it defaults to development and rack itself loads Rack::ShowExceptions (and some other development middleware) before Rails is initialized.