Provide a default host header to make request as valid as possible #1084
Open
benoittgt wants to merge 1 commit into bblimke:master from
c2210d3 to dbf8d67
While working on sinatra/sinatra#2053 in our project, I noticed that when using Webmock, Sinatra logs, and especially the enforced rack-protection, were showing this kind of log:

```
D, [2024-11-22T13:05:16.798156 #26673] DEBUG -- : Rack::Protection::HostAuthorization @all_permitted_hosts=[".company.com"] @permitted_hosts=["company.com"] @domain_hosts=[/\A(?-mix:[a-z0-9\-.]+)company\.com\z/i] @ip_hosts=[] origin_host="" forwarded_host=nil
```

As you can see, `origin_host` is empty, because the header is missing.

When not using Webmock, we fall back on the `net/http` host header setup. https://github.com/ruby/net-http/blob/cfbbb50c931a78fc2b5c731b9abeda161e1dfdd1/lib/net/http.rb#L2482
dbf8d67 to 8e8327c
Author

Rebased. I think this pull request is still interesting.
I think Webmock should also set this `host` header.

I looked at the test quickly but didn't find an easy way to check for this change.
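The effect described in this pull request, as an added example that is not code from WebMock, Sinatra, rack-protection or this PR: a path-only `Net::HTTP` request carries no `Host` header until one is filled in, and an allow-list check like the one in the log then sees an empty host. `default_host_header`, `host_permitted?` and `stubbed_request_host` are hypothetical helpers, the host check is a simplified stand-in built from the values in the log line, and the URLs are constructed.

```ruby
require "net/http"
require "uri"

# Values copied from the log line in the PR description.
PERMITTED_HOSTS = ["company.com"].freeze
DOMAIN_HOSTS = [/\A(?-mix:[a-z0-9\-.]+)company\.com\z/i].freeze

# Hypothetical helper: the Host value a client would send for a URL,
# i.e. the hostname plus ":port" only when the port is not the scheme default.
def default_host_header(url)
  uri = URI(url)
  uri.port == uri.default_port ? uri.host : "#{uri.host}:#{uri.port}"
end

# Simplified stand-in for a host allow-list check (not rack-protection's code).
# A missing or empty Host header is never permitted.
def host_permitted?(host_header)
  host = host_header.to_s.sub(/:\d+\z/, "").downcase
  return false if host.empty?
  PERMITTED_HOSTS.include?(host) || DOMAIN_HOSTS.any? { |re| re.match?(host) }
end

# Hypothetical helper: build a request from the path only, the way it looks
# before any transport code has filled in Host, then optionally apply a default.
def stubbed_request_host(url, apply_default:)
  uri = URI(url)
  req = Net::HTTP::Get.new(uri.request_uri)
  req["host"] ||= default_host_header(url) if apply_default
  req["host"]
end

if $PROGRAM_NAME == __FILE__
  url = "https://api.company.com:8443/health" # constructed sample URL
  [false, true].each do |apply_default|
    host = stubbed_request_host(url, apply_default: apply_default)
    puts "default applied=#{apply_default} host=#{host.inspect} " \
         "permitted=#{host_permitted?(host)}"
  end
end
```
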