Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Always whitelist localhost and inform users why no console is displayed #104

Merged
merged 4 commits into from
Jan 30, 2015

Conversation

gsamokovarov
Copy link
Collaborator

We get a lot of reports that a console isn't displayed when requested to. This can happen because of two things: a user is trying go request a console rendering from unauthorised IP or a user is trying to render a console on unacceptable page content type. For example, we try not to render the console on JSON pages.

I think most of the times, people try to whitelist a singe IP or a network, which currently leaves localhost unauthorised, because you have to explicitly specify it. This is well documented, but it is a tricky behaviour and I can't imagine a case where you want localhost out of the whitelisted IPs.

To remedy this I propose to have IPv4 and IPv6 localhost always whitelisted. This leave us a nice window to refactor and improve most of the code code around network whitelisting.

As noted in the first paragraph, network whitelisting is one of the places where console rendering could be blocked. Another one is content type based rendering. To help with this, I made config.web_console.acceptable_content_types, where a user can put customised set of Mime types.

And to make everything more explicit, I introduced logging when a console rendering is denied. This, again, is customizable and could be stopped with config.web_console.whiny_requests = false. Its on by default, so we can ask users to provide us the log and help us, and them, investigate issues further.

@rafaelfranca
Copy link
Member

I believe we need a initializer to make config.web_console.whiny_requests work

@gsamokovarov gsamokovarov force-pushed the whitelisted-ips branch 2 times, most recently from 58bc8f6 to 005285c Compare January 30, 2015 19:13
@gsamokovarov
Copy link
Collaborator Author

Hey, thanks for catching that, I thought its already in the PR. Brought it in the last amend.

@rafaelfranca
Copy link
Member

:shipit:

gsamokovarov added a commit that referenced this pull request Jan 30, 2015
Always whitelist localhost and inform users why no console is displayed
@gsamokovarov gsamokovarov merged commit ed7b20b into rails:master Jan 30, 2015
@gsamokovarov gsamokovarov deleted the whitelisted-ips branch March 17, 2017 21:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants