Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

only show better errors on localhost (closes #36)

  • Loading branch information...
commit 2446965013ced1174e917c1416450e3de74108af 1 parent 96e093f
Charlie Somerville authored
28 lib/better_errors/middleware.rb
View
@@ -1,4 +1,5 @@
require "json"
+require "ipaddr"
module BetterErrors
# Better Errors' error handling middleware. Including this in your middleware
@@ -36,18 +37,37 @@ def initialize(app, handler = ErrorPage)
# @param [Hash] env
# @return [Array]
def call(env)
+ if local_request? env
+ better_errors_call env
+ else
+ @app.call env
+ end
+ end
+
+ private
+ IPV4_LOCAL = IPAddr.new("127.0.0.0/8")
+ IPV6_LOCAL = IPAddr.new("::1/128")
+
+ def local_request?(env)
+ # REMOTE_ADDR is not in the rack spec, so some application servers do
+ # not provide it.
+ return true unless env["REMOTE_ADDR"]
+ ip = IPAddr.new env["REMOTE_ADDR"]
+ IPV4_LOCAL.include? ip or IPV6_LOCAL.include? ip
+ end
+
+ def better_errors_call(env)
case env["PATH_INFO"]
when %r{\A/__better_errors/(?<oid>-?\d+)/(?<method>\w+)\z}
internal_call env, $~
when %r{\A/__better_errors/?\z}
show_error_page env
else
- app_call env
+ protected_app_call env
end
end
-
- private
- def app_call(env)
+
+ def protected_app_call(env)
@app.call env
rescue Exception => ex
@error_page = @handler.new ex, env
5 spec/better_errors/middleware_spec.rb
View
@@ -18,6 +18,11 @@ module BetterErrors
app.call("PATH_INFO" => "/__better_errors/")
end
+ it "should not show the error page to a non-local address" do
+ app.should_not_receive :better_errors_call
+ app.call("REMOTE_ADDR" => "1.2.3.4")
+ end
+
context "when requesting the /__better_errors manually" do
let(:app) { Middleware.new(->env { ":)" }) }

1 comment on commit 2446965

☈king

Yay!

Please sign in to comment.
Something went wrong with that request. Please try again.