You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While using Apache + Passenger, we pass a request ID to our app using mod_request_id. This library uses the @ symbol as part of its alphabet, as documented in this paragraph:
The UNIQUE_ID environment variable is constructed by encoding the 144-bit (32-bit IP address, 32 bit pid, 32 bit time stamp, 16 bit counter, 32 bit thread index) quadruple using the alphabet [A-Za-z0-9@-] in a manner similar to MIME base64 encoding, producing 24 characters. The MIME base64 alphabet is actually [A-Za-z0-9+/] however + and / need to be specially encoded in URLs, which makes them less desirable.
The make_request_id method removes the @ symbol from any request ID passed through X-Request-Id.
It makes sense to be as strict as possible
with headers from the outside world,
but allowing @ to support Apache's mod_unique_id
(see rails#31644) seems OK to me
While using Apache + Passenger, we pass a request ID to our app using mod_request_id. This library uses the @ symbol as part of its alphabet, as documented in this paragraph:
The
make_request_id
method removes the @ symbol from any request ID passed throughX-Request-Id
.rails/actionpack/lib/action_dispatch/middleware/request_id.rb
Line 31 in 9a130ee
Any chance
make_request_id
could be loosened up a bit to accommodate request IDs generated by this common library?The text was updated successfully, but these errors were encountered: