将 Rails 升级到6,获得阻塞主机错误

我需要 ActiveStorage 中的新函数 resize _ to _ fill,所以我升级到了 Ruby2.5.1和 Rails6。

ruby '2.5.1'


gem "rails", github: "rails/rails"

当我停下来,然后重新启动我的服务器(Cloud 9)时,我收到了下面的 Rails 错误:

Blocked host: xxxxxxx-xxxxxxx.c9users.io
To allow requests to xxxxxxx-xxxxxxx.c9users.io, add the following configuration:


Rails.application.config.hosts << "xxxxxxx-xxxxxxx.c9users.io"

我试过重启新窗户,但都不管用。我以前从没见过这个错误。我猜 Rails 的新版本正在做些什么?

67378 次浏览
小开

In Rails 6 Action Pack introduced ActionDispatch::HostAuthorization and by default allows only [IPAddr.new(“0.0.0.0/0”), IPAddr.new(“::/0”), “localhost”]

You can add arrays of RegExp, Proc, IPAddr and String or a single String in the file config/application.rb like this

class Application < Rails::Application
config.hosts << "xxxxxxx-xxxxxxx.c9users.io"
...
end

From "https://drivy.engineering/rails-6-unnoticed-features":

Rails 6 added a new middleware called ActionDispatch::HostAuthorization allowing you to whitelist some hosts for your application and preventing Host header attacks. You can easily configure it with a String, IPAddr, Proc and RegExp (useful when dealing with wildcard domains).

小开

If you want to disable this functionality on your development environment, you can add config.hosts.clear to config/environments/development.rb.

小开

The Blocked Host is a new feature of Rails 6. You can add this pattern to your config/environments/development.rb to have no worries of that in case of dynamic urls

config.hosts << /[a-z0-9]+\.c9users\.io/

Also for ngrok user, just replace above c9users by ngrok

Update: ngrok is currently using - and . as subdomain in their URLs so this should be accurate config.hosts << /[a-z0-9-.]+\.ngrok\.io/

Source: https://github.com/MikeRogers0/puma-ngrok-tunnel

小开

This article worked for me:

  1. The first option is to whitelist the hostnames in config/environments/development.rb:

    Rails.application.configure do
config.hosts << "hostname" # Whitelist one hostname
config.hosts << /application\.local\Z/ # Whitelist a test domain
end

  2. The second option is to clear the entire whitelist, which lets through requests for all hostnames:

    Rails.application.configure do
config.hosts.clear
end

Credit goes to Manfred Stienstra.

小开
最佳答案

I added Rails.application.config.hosts << "xxxxxxx-xxxxxxx.c9users.io" to config/application.rb and it fixed my test app fine. Then I did it to my real app and it also worked. The problem is, Devise threw an error as well, which apparently won't be fixed until at least Rails 6 beta. I guess I'm going back to Carrierwave for my image sizing needs until ActiveStorage is more mature.

小开

Add this line to config/environments/development.rb

config.hosts << /.*\.ngrok\.io/

Restart your rails server and it will work

小开

HEADS UP : You may whitelist your host with the config application.config.hosts << 'your_unvalid_host_name' but still have the error. The error message is currently not accurate in this case. See this issue. You should not use hostname with underscore. NB: The application.config.hosts.clear is working in this case.

小开

In Rails 6, when you want to allow host from ngrok v2.3.40, add this config into config/environments/development.rb

config.hosts << /[a-z0-9\-]+\.ap\.ngrok\.io/

Restart server and enjoy

小开

To allow requests from any subdomain of ngrok.io (or other service), the simplest solution is to prepend it with . like so:

# config/environments/development.rb


Rails.application.configure do


...


config.hosts << '.ngrok.io'
end

No need to use a regexp for subdomains like mentioned in some other answers.

PS: don't disable this functionality by doing config.hosts.clear as mentioned in some other answers, as this defeats the purpose of Rails' DNS rebinding protection, and under the right circumstances an outside attacker could gain full access to your local Rails app information (source).

小开

1st run the ngrok 3000 in one of the terminals and next open the new terminal and run rails s... then u can see now ngrok and rails s both can run simultaneously...

小开

In order to support hyphens in the ngrok subdomain name and region, you need to change config/environments/development.rb change config.hosts to /[a-z0-9.-]+.ngrok.io/

Example:

  config.hosts = (config.hosts rescue []) << /[a-z0-9.-]+.ngrok.io/
小开

Add this line to config/environments/development.rb

config.hosts << /.+\.ngrok\.io:\d+/

Most of the responses I see are missing the port part of the URL. If you are accessing this URL in a specific port (typically :3000) the :\d+ part of the regular expression is necessary.

It will work after restarting your server.

小开

config.hosts = nil

Use this in development.rb and and restart your rails server, it works for me, it will work.


提交答案