Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
to your account
I wanted to manage a MongoLab db so I added the server string which looks like this:
But then I do that and then click on it I get a 404 server not found. I also cannot delete it - I click delete and confirm and disappears until I reload the page.
Using ruby version 2.3.8
The text was updated successfully, but these errors were encountered:
I might have just figured this issue out. Do you have rack-protection gem v1.5.1 installed? If so, do you mind removing it, installing v1.5.0, and trying that?
gem uninstall rack-protection -a
gem install rack-protection -v 1.5.0
Sorry, something went wrong.
That did the trick
If you're curious, the problem is that rack-protection mistakenly thinks the appropriate way to prevent directory traversal is to decode every encoded slash in the path :-/
I'll get a release out momentarily with a workaround.
Ah - cool - well no huge hurry for me as the only thing I use ruby for is this app :)
Work around rack-protection’s misguided path decoding
No branches or pull requests