sendfile test fix

[alexanderadam]

I have no idea whether this was somehow intentionally done like this or whether that's actually something that intentionally failing or maybe something else.

However, I just thought that I could do this quickly and check what you're thinking instead of a long discussion. 😉

PS: I'm looking for a new adventure in case anybody is looking to hire or work with a Ruby/Rails/Crystal dev

[grape-bot]

	1 Warning
⚠️	Unless you're refactoring existing code or improving documentation, please update CHANGELOG.md.

	1 Message
📖	We really appreciate pull requests that demonstrate issues, even without a fix. That said, the next step is to try and fix the failing tests!

Here's an example of a CHANGELOG.md entry:

* [#2613](https://github.com/ruby-grape/grape/pull/2613): Sendfile test fix - [@alexanderadam](https://github.com/alexanderadam).

Generated by 🚫 Danger

[dblock]

This definitely passed at some point, we should understand why the behavior changed. Are we getting a newer version of Rack now that has a code change? I'd like to avoid masking a real change accidentally - would you mind bisecting this down to a specific change in rack before we merge the fix?

[alexanderadam]

I think that this was related to this vulnerability and the attached patches from Samuel Williams.

For the 3.2 release this was this patch:

To enable x-accel-redirect, you must configure the middleware explicitly:
use Rack::Sendfile, "x-accel-redirect"
For security reasons, the x-sendfile-type header from requests is ignored.
The sendfile variation must be set via the middleware constructor.

[dblock]

Perfect, thanks @alexanderadam and @ioquatix.