Configure middleware position in Rails #491
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Why: * The position of a middleware in the Rack attack has consequences. For instance, any instrumentation middleware like [Skylight] will measure and capture what happens in the middlewares below it, but not on those above. The current implementation forces the rack-attack middleware to always be appended to the list when initializing Rails, making it the last on the list when added, but often others will be added afterwards. While this behaviour is perfectly suitable by default, there are situations where one might need to control where the middleware is on the list. Given the lack of configuration points to tweak this behaviour, currently the only way to achieve this is to add the middleware again at the top. This results in a duplication of the `Rack::Attack` middleware in the stack. This change addresses the need by: * Shamelessly copying the approach followed by [skylight-ruby], where the Railtie initializes a configuration object that can be set up in `config/application.rb`, thus allowing the position of the middleware to be tweaked. [Skylight]: https://skylight.io [skylight-ruby]: https://github.com/skylightio/skylight-ruby
|
I guess this might be useful to address #459 too. |
Why: * The build is failing due to the use of `ActiveSupport::OrderedOptions` in some versions. This change addresses the issue by: * Adding `middleware_position` to the common `Rack::Attack.configuration`; * Changing the approach to use the common configuration object instead of creating a new one; * Moving the requirements of the Rails railtie to the end of the entry file, to ensure the configuration object is already defined when it is loaded.
|
Closing this due to lack of response. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Why:
The position of a middleware in the Rack attack has consequences. For
instance, any instrumentation middleware like Skylight will measure
and capture what happens in the middlewares below it, but not on those
above.
The current implementation forces the rack-attack middleware to always
be appended to the list when initializing Rails, making it the last on
the list when added, but often others will be added afterwards.
While this behaviour is perfectly suitable by default, there are
situations where one might need to control where the middleware is on
the list. Given the lack of configuration points to tweak this
behaviour, currently the only way to achieve this is to add the
middleware again at the top. This results in a duplication of the
Rack::Attackmiddleware in the stack.This change addresses the need by:
the Railtie initializes a configuration object that can be set up in
config/application.rb, thus allowing the position of the middlewareto be tweaked.