Why cant I read headers after updating to rails 4.2.0 - ruby-on-rails

I have an app I recently upgraded to Rails 4.2.0. In this app I request an access token for a small API. In the API controller I am attempting to grab this token. I am testing with POSTman, sending a request to my local machine, running it with dev or production works perfect fine. Sending a request to the nginx phusion passenger server yields nothing, the token is nil according to the logs.
POSTman request
headers: access_token: '12345'
API controller
#access_token = request.headers['HTTP_ACCESS_TOKEN']
The headers are read in all cap with the http prefix as I read somewhere - which I can't seem to find now, that this was the proper setup. My rails 3.2 app used to read lowercase without the prefix headers, and work correctly. Once upgrading to 4.2.0, this functionality broke locally. Adding the prefix and uppercasing the read-in solved the issue locally in dev and production modes. Once deployed, however, the headers always seem to be nil.
Since I can run locally in production mode and this works, I am having a hard time figuring out what happens once this is deployed. Is this something with nginx or passenger? I am pretty new to nginx, am I missing something here? Any help you could provide would be greatly appreciated.

When using rails over an Webserver with CGI Interface, these Headers are dropped by Apache or NGIX.
It's a legacy problem. ACCESS-TOKEN and ACCESS_TOKEN would be mapped to the same CGI variable 'access_token'.
And because Dashes are more common in the header, the underscores are ignored.

Related

Rails params nulled when responding to csv format in production

I'm having a weird problem I cannot seem to figure out related to rails params.
I have a Controller where I permit any param. In this controller, a param (csv_type) controls which CSV file I will respond. CSV of type registration or attendance, for example.
This param is built in URL via path (e.g.: abcs_path(#abc, format: 'csv', csv_type: 'attendance') resulting in /abcs/id.csv?csv_type=attendance.
I would expect {"csv_type"=>"attendance", "controller"=>"abcs", "action"=>"show", "id"=>"45", "format"=>"csv"} but in production I get {"controller"=>"abcs", "action"=>"show", "id"=>"45", "format"=>"csv"}. csv_type is gone.
This works flawlessly locally and I get all params. Also works well on Heroku review apps. Also works well when I run locally on RAILS_ENV=production.
But in real production, it doesn't. It also doesn't work on staging which is configured with RAILS_ENV=production. Though review apps are also RAILS_ENV=production, which makes the whole thing a mystery.
Ideas:
- nginx messing up with domain (staging and production are on official domain, review app is Heroku domain, local is localhost).
- sqreen somehow intercepting this
- mime.types and https (have tried adding csv to rails, with no success). Didn't add on nginx
- some rails config on params permit (though I'm doing params.permit!) on before_action just to make sure
- some ENV variable messing up?
- can't think of anything else ???
Thanks in advance for the help!

Rails loopback/redirection issue in production

I am new to Rails, Currently I am working on Rails application which is back-end and Angular as a front end. I am getting an issue like in my production server when I go to backend(rails) URL, it redirects me to root URL of application and return 502 for every rails request. I have checked CORS but not any issue in it. Same code is working find in my local development enviornment.
Can anyone help me to find this issue?

Hash slash (#/text) wipes out url leaving domain with /text

Working on some rails app where observing a weird issue, when there is a “#/whatever” at the end of a url, it wipes out the rest of the url.
For e.g., if we have below URL
https://www.example.com/sub/123/cou/321/something
and we add #/hello?how-are-you, like
https://www.example.com/sub/123/cou/321/something#/hello?how-are-you
and press enter, url changes to:
https://www.example.com/hello?how-are-you
On all environments. Tested this in other rails app and .NET apps where this is not observed, below are details of my ROR app:
rails 4.2.7.1, ruby 2.3.1 and many gems
Question:
How can I prevent this behaviour, as this send wrong url.referrer to server
You can't. Fragments are local to the web browser, that's their whole point. They never get sent to the server, so there is nothing you can do on the server to get them.

405 not allowed nginx, CORS? Nginx config? Or something else?

Working on an app built using Ember.js and Rails.
Authentication is being done with ember-simple-auth using Oauth2.
I am able to login to my app locally in my development environment, but as soon as I try to login on my production server (through Heroku) I start receiving a nginx 405 not allowed status code.
First thing I thought was maybe it is my request headers / CORS. I am using rack-cors gem on my rails side and configured it based directly off the readme example. Here is my application.rb
Researching, I found the same problem with the solution being to configure Nginx side of things, but I figured since that is being handled by heroku I wasn't really sure if that was where I need to make my changes.
Let me know if there are any other files/info that could help.
What is the best way to debug this problem?
Try using this first to rule out CORS:
https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi
Does the route work locally when you use Postman or a similar tool?
Are you requesting HTML or JSON?

Redirection in RubyOnRails

I just got an SSL certificate for "example.com". After making some configurations in NGINX I could finally redirect "http://www.example.com" calls and "http://example.com" calls to "https://example.com". Everything works fine, but when I type "https://www.example.com" an SSL error is shown. Is there a way to redirect "https://www.example.com" calls to "https://example.com" using some Ruby code?
Handling the redirect at the Rack level and not inside of the Rails app is my preferred way to solve this requirement.
https://github.com/jtrupiano/rack-rewrite#scheme
The link takes you to the part of the README that addresses this question. I've used this gem in the past and it works really well.

Resources