github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-23 01:47:22 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
a49a6941c6
discourse/config/initializers/200-first_middlewares.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

123 lines
4.3 KiB
Ruby
Raw Normal View History

DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging
2019-05-03 06:17:27 +08:00
# frozen_string_literal: true
DEV: Correct spelling mistakes in comments
2021-05-21 11:37:17 +08:00
# we want MessageBus to be close to the front
Revert "Revert message bus upgrade" This reverts commit 47e718f5b24cb2d8b991f5b1a51efe3f79f5f934.
2015-12-09 08:48:41 +08:00
# this is important cause the vast majority of web requests go to it
# this allows us to avoid full middleware crawls each time
REFACTOR: Move the multisite middleware to the front Both request tracking and message bus rely on multisite before the middleware has run which is not ideal. Follow-up-to: ca1208a63669d4d4ad7452367008d40fa090f645
2020-03-30 19:01:06 +08:00
#
# We aren't manipulating the middleware stack directly because of
# https://github.com/rails/rails/pull/27936
WORKAROUND: Can't reinsert a deleted middleware.
2017-09-04 20:42:22 +08:00
FIX: Set sane default for `Net::HTTP` when processing a request (#28141) This commit patches `Net::HTTP` to reduce the default timeouts of 60 seconds when we are processing a request. There are certain routes in Discourse which makes external requests and if the proper timeouts are not set, we risk having the Unicorn master process force restarting the Unicorn workers once the `30` seconds timeout is reached. This can potentially become a vector for DoS attacks and this commit is aimed at reducing the risk here.
2024-08-06 07:12:42 +08:00
require "middleware/processing_request"
Rails.configuration.middleware.unshift(Middleware::ProcessingRequest)
Revert "Revert "DEV: upgrade to Rails 6.0.3"" This reverts commit 2ff8b4f5d9dd72a55d7ebdc23a3758dd5ec4682d. Attempt #2 at a Rails update this time we also update the rails_multisite gem to allow for cleaner reordering
2020-05-08 08:44:51 +08:00
Rails.configuration.middleware.unshift(MessageBus::Rack::Middleware)
Revert "Revert message bus upgrade" This reverts commit 47e718f5b24cb2d8b991f5b1a51efe3f79f5f934.
2015-12-09 08:48:41 +08:00
# no reason to track this in development, that is 300+ redis calls saved per
# page view (we serve all assets out of thin in development)
if Rails.env != "development" || ENV["TRACK_REQUESTS"]
require "middleware/request_tracker"
FEATURE: Only count topic views for explicit/deferred tracked views (#27533) Followup 2f2da7274732cba30d03b6c5c3a4194652cb6783 This commit moves topic view tracking from happening every time a Topic is requested, which is susceptible to inflating numbers of views from web crawlers, to our request tracker middleware. In this new location, topic views are only tracked when the following headers are sent: * HTTP_DISCOURSE_TRACK_VIEW - This is sent on every page navigation when clicking around the ember app. We count these as browser page views because we know it comes from the AJAX call in our app. The topic ID is extracted from HTTP_DISCOURSE_TRACK_VIEW_TOPIC_ID * HTTP_DISCOURSE_DEFERRED_TRACK_VIEW - Sent when MessageBus initializes after first loading the page to count the initial page load view. The topic ID is extracted from HTTP_DISCOURSE_DEFERRED_TRACK_VIEW. This will bring topic views more in line with the change we made to page views in the referenced commit and result in more realistic topic view counts.
2024-07-03 08:38:49 +08:00
Rails.configuration.middleware.unshift(Middleware::RequestTracker)
Rails.configuration.middleware.move_before(Middleware::RequestTracker, ActionDispatch::RemoteIp)
FEATURE: enable_performance_http_headers for performance diagnostics This adds support for DISCOURSE_ENABLE_PERFORMANCE_HTTP_HEADERS when set to `true` this will turn on performance related headers ```text X-Redis-Calls: 10 # number of redis calls X-Redis-Time: 1.02 # redis time in seconds X-Sql-Commands: 102 # number of SQL commands X-Sql-Time: 1.02 # duration in SQL in seconds X-Queue-Time: 1.01 # time the request sat in queue (depends on NGINX) ``` To get queue time NGINX must provide: HTTP_X_REQUEST_START We do not recommend you enable this without thinking, it exposes information about what your page is doing, usually you would only enable this if you intend to strip off the headers further down the stream in a proxy
2019-06-05 14:08:11 +08:00
MethodProfiler.ensure_discourse_instrumentation! if GlobalSetting.enable_performance_http_headers
Revert "Revert message bus upgrade" This reverts commit 47e718f5b24cb2d8b991f5b1a51efe3f79f5f934.
2015-12-09 08:48:41 +08:00
end
REFACTOR: Move the multisite middleware to the front Both request tracking and message bus rely on multisite before the middleware has run which is not ideal. Follow-up-to: ca1208a63669d4d4ad7452367008d40fa090f645
2020-03-30 19:01:06 +08:00
DEV: Improve multisite testing (#14884) This commit adds the RailsMultisite middleware in test mode when Rails.configuration.multisite is true. This allows for much more realistic integration testing. The `multisite_spec.rb` file is rewritten to avoid needing to simulate a middleware stack.
2021-11-12 00:44:58 +08:00
if Rails.env.test?
# In test mode we can't insert/remove middlewares
# Therefore we insert a small helper which effectively switches the multisite
# middleware on/off based on the Rails.configuration.multisite value
class TestMultisiteMiddleware < RailsMultisite::Middleware
def call(env)
return @app.call(env) if !Rails.configuration.multisite
super(env)
end
end
DEV: Block all incoming requests before resetting Capybara session (#25692) Why this change? We have been debugging flaky system tests and noticed in https://github.com/discourse/discourse/actions/runs/7911902047/job/21596791343?pr=25690 that ActiveRecord connection checkout timeouts are encountered because the Capybara server thread is processing requests even after `Capybara.reset_session!` and ActiveRecord's `teardown_fixtures` have already been call. The theory here is that an inflight request can still hit the Capybara server even after `Capybara.reset_session!` has been called and end up eating up an ActiveRecord connection for too long and also messing with the database outside of a transaction. What does this change do? This change adds a `BlockRequestsMiddleware` middleware in the test environment which is enabled to reject all incoming requests at the end of each system test and before `Capybara.reset_session!` is called. At the start of each RSpec test, the middleware is disabled again.
2024-02-15 16:36:12 +08:00
DEV: Improve multisite testing (#14884) This commit adds the RailsMultisite middleware in test mode when Rails.configuration.multisite is true. This allows for much more realistic integration testing. The `multisite_spec.rb` file is rewritten to avoid needing to simulate a middleware stack.
2021-11-12 00:44:58 +08:00
Rails.configuration.middleware.unshift TestMultisiteMiddleware,
RailsMultisite::DiscoursePatches.config
DEV: Block all incoming requests before resetting Capybara session (#25692) Why this change? We have been debugging flaky system tests and noticed in https://github.com/discourse/discourse/actions/runs/7911902047/job/21596791343?pr=25690 that ActiveRecord connection checkout timeouts are encountered because the Capybara server thread is processing requests even after `Capybara.reset_session!` and ActiveRecord's `teardown_fixtures` have already been call. The theory here is that an inflight request can still hit the Capybara server even after `Capybara.reset_session!` has been called and end up eating up an ActiveRecord connection for too long and also messing with the database outside of a transaction. What does this change do? This change adds a `BlockRequestsMiddleware` middleware in the test environment which is enabled to reject all incoming requests at the end of each system test and before `Capybara.reset_session!` is called. At the start of each RSpec test, the middleware is disabled again.
2024-02-15 16:36:12 +08:00
class BlockRequestsMiddleware
DEV: Do not process requests initiated by browser in a different example (#25809) Why this change? We noticed that running `LOAD_PLUGINS=1 rspec --seed=38855 plugins/chat/spec/system/chat_new_message_spec.rb` locally results in the system tests randomly failing. When we inspected the request logs closely, we noticed that a `/presence/get` request from a previous rspec example was being processed when a new rspec example is already being run. We know it was from the previous rspec example because inspecting the auth token showed the request using the auth token of a user from the previous example. However, when a request using an auth token from a previous example is used it ends up logging out the same user on the server side because the user id in the cookie is the same due to the use of `fab!`. I did some research and there is apparently no way to wait until all inflight requests by the browser has completed through capybara or selenium. Therefore, we will add an identifier by attaching a cookie to all non-xhr requests so that xhr requests which are triggered subsequently will contain the cookie in the request. In the `BlockRequestsMiddleware` middleware, we will then reject any requests when the value of the identifier in the cookie does not match the current rspec's example location. To see the problem locally, change `Auth::DefaultCurrentUserProvider.find_v1_auth_cookie` to the following: ``` def self.find_v1_auth_cookie(env) return env[DECRYPTED_AUTH_COOKIE] if env.key?(DECRYPTED_AUTH_COOKIE) env[DECRYPTED_AUTH_COOKIE] = begin request = ActionDispatch::Request.new(env) cookie = request.cookies[TOKEN_COOKIE] # don't even initialize a cookie jar if we don't have a cookie at all if cookie&.valid_encoding? && cookie.present? puts "#{env["REQUEST_PATH"]} #{request.cookie_jar.encrypted[TOKEN_COOKIE]&.with_indifferent_access}" request.cookie_jar.encrypted[TOKEN_COOKIE]&.with_indifferent_access end end end ``` After which run the following command: `LOAD_PLUGINS=1 rspec --format documentation --seed=38855 plugins/chat/spec/system/chat_new_message_spec.rb` It takes a few tries but the last spec should fail and you should see something like this: ``` assets/chunk.c16f6ba8b6824baa47ac.d41d8cd9.js {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735} /assets/chunk.050148142e1d2dc992dd.d41d8cd9.js {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735} /chat/api/channels/527/messages {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735} /uploads/default/test_0/optimized/1X/_129430568242d1b7f853bb13ebea28b3f6af4e7_2_512x512.png {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735} redirects to existing chat channel redirects to chat channel if recipients param is missing (PENDING: Temporarily skipped with xit) with multiple users /favicon.ico {"token"=>"9a75c114c4d3401509a23d240f0a46d4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591736} /chat/new-message {"token"=>"9a75c114c4d3401509a23d240f0a46d4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591736} /presence/get {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735} ``` Note how the `/presence/get` request is using a token from the previous example. Co-authored-by: David Taylor <david@taylorhq.com>
2024-02-22 19:41:10 +08:00
RSPEC_CURRENT_EXAMPLE_COOKIE_STRING = "rspec_current_example_location"
cattr_accessor :current_example_location
DEV: Block all incoming requests before resetting Capybara session (#25692) Why this change? We have been debugging flaky system tests and noticed in https://github.com/discourse/discourse/actions/runs/7911902047/job/21596791343?pr=25690 that ActiveRecord connection checkout timeouts are encountered because the Capybara server thread is processing requests even after `Capybara.reset_session!` and ActiveRecord's `teardown_fixtures` have already been call. The theory here is that an inflight request can still hit the Capybara server even after `Capybara.reset_session!` has been called and end up eating up an ActiveRecord connection for too long and also messing with the database outside of a transaction. What does this change do? This change adds a `BlockRequestsMiddleware` middleware in the test environment which is enabled to reject all incoming requests at the end of each system test and before `Capybara.reset_session!` is called. At the start of each RSpec test, the middleware is disabled again.
2024-02-15 16:36:12 +08:00
@@block_requests = false
def self.block_requests!
@@block_requests = true
end
def self.allow_requests!
@@block_requests = false
end
def initialize(app)
@app = app
end
def call(env)
DEV: Do not process requests initiated by browser in a different example (#25809) Why this change? We noticed that running `LOAD_PLUGINS=1 rspec --seed=38855 plugins/chat/spec/system/chat_new_message_spec.rb` locally results in the system tests randomly failing. When we inspected the request logs closely, we noticed that a `/presence/get` request from a previous rspec example was being processed when a new rspec example is already being run. We know it was from the previous rspec example because inspecting the auth token showed the request using the auth token of a user from the previous example. However, when a request using an auth token from a previous example is used it ends up logging out the same user on the server side because the user id in the cookie is the same due to the use of `fab!`. I did some research and there is apparently no way to wait until all inflight requests by the browser has completed through capybara or selenium. Therefore, we will add an identifier by attaching a cookie to all non-xhr requests so that xhr requests which are triggered subsequently will contain the cookie in the request. In the `BlockRequestsMiddleware` middleware, we will then reject any requests when the value of the identifier in the cookie does not match the current rspec's example location. To see the problem locally, change `Auth::DefaultCurrentUserProvider.find_v1_auth_cookie` to the following: ``` def self.find_v1_auth_cookie(env) return env[DECRYPTED_AUTH_COOKIE] if env.key?(DECRYPTED_AUTH_COOKIE) env[DECRYPTED_AUTH_COOKIE] = begin request = ActionDispatch::Request.new(env) cookie = request.cookies[TOKEN_COOKIE] # don't even initialize a cookie jar if we don't have a cookie at all if cookie&.valid_encoding? && cookie.present? puts "#{env["REQUEST_PATH"]} #{request.cookie_jar.encrypted[TOKEN_COOKIE]&.with_indifferent_access}" request.cookie_jar.encrypted[TOKEN_COOKIE]&.with_indifferent_access end end end ``` After which run the following command: `LOAD_PLUGINS=1 rspec --format documentation --seed=38855 plugins/chat/spec/system/chat_new_message_spec.rb` It takes a few tries but the last spec should fail and you should see something like this: ``` assets/chunk.c16f6ba8b6824baa47ac.d41d8cd9.js {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735} /assets/chunk.050148142e1d2dc992dd.d41d8cd9.js {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735} /chat/api/channels/527/messages {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735} /uploads/default/test_0/optimized/1X/_129430568242d1b7f853bb13ebea28b3f6af4e7_2_512x512.png {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735} redirects to existing chat channel redirects to chat channel if recipients param is missing (PENDING: Temporarily skipped with xit) with multiple users /favicon.ico {"token"=>"9a75c114c4d3401509a23d240f0a46d4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591736} /chat/new-message {"token"=>"9a75c114c4d3401509a23d240f0a46d4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591736} /presence/get {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735} ``` Note how the `/presence/get` request is using a token from the previous example. Co-authored-by: David Taylor <david@taylorhq.com>
2024-02-22 19:41:10 +08:00
request = Rack::Request.new(env)
DEV: Fix connections timeout in system test (#25835) Why this change? This regressed in 6e9fbb5babf50c7d00fc612bcd2764bf252b9ffb because we had a `request.xhr?` check before we decide to block requests. However, there could not none-xhr requests which we need to block as well at the end of each system test when `@@block_requests` is true. This also reverts commit 6437f27f9091d00cfa65062a2519bdaa91ff9e28.
2024-02-23 16:03:46 +08:00
if (
@@block_requests ||
(
request.xhr? && self.class.current_example_location.present? &&
self.class.current_example_location !=
request.cookies[RSPEC_CURRENT_EXAMPLE_COOKIE_STRING]
)
)
FIX: Improve handling of 'PublicExceptions' when bootstrap_error_pages enabled (#26700) - Run the CSP-nonce-related middlewares on the generated response - Fix the readonly mode checking to avoid empty strings being passed (the `check_readonly_mode` before_action will not execute in the case of these re-dispatched exceptions) - Move the BlockRequestsMiddleware cookie-setting to the middleware, so that it is included even for unusual HTML responses like these exceptions
2024-04-24 16:40:13 +08:00
return [
DEV: Ensure that `BlockRequestsMiddleware` cookie is always set (#25826) Why this change? This reverts 725561cf4bddeda0a5cf2f68ed7b76e0c9deead8 as it did not address the root cause of the problem even though it fixed the failing tests we were seeing when running `bundle exec rspec --tag ~type:multisite --order random:776 spec/system/admin_customize_form_templates_spec.rb spec/system/admin_sidebar_navigation_spec.rb spec/system/admin_site_setting_search_spec.rb spec/system/composer/dont_feed_the_trolls_popup_spec.rb spec/system/composer/review_media_unless_trust_level_spec.rb spec/system/create_account_spec.rb spec/system/editing_sidebar_tags_navigation_spec.rb spec/system/email_change_spec.rb spec/system/emojis/emoji_deny_list_spec.rb spec/system/group_activity_spec.rb spec/system/hashtag_autocomplete_spec.rb spec/system/network_disconnected_spec.rb spec/system/post_menu_spec.rb spec/system/post_small_action_spec.rb spec/system/tags_intersection_spec.rb spec/system/topic_list_focus_spec.rb spec/system/topic_page_spec.rb spec/system/user_page/user_profile_info_panel_spec.rb spec/system/viewing_group_members_spec.rb spec/system/viewing_navigation_menu_preferences_spec.rb`. The root cause here is that `before_action`s added to a controller is order dependent. As such, some requests were not setting the cookie because the `before_action` callback was not even hit as a prior `before_action` callbacks has raised an error such as the `check_xhr` `before_action` callback. To resolve the problem, we need to add the `prepend: true` option in our monkey patch of `ApplicationController` to ensure that the `before_action` callback which we have added is always run first. This change also makes a couple of changes: 1. Improve the response body when a request is blocked by the `BlockRequestsMiddleware` middleware so that it makes debugging easier. 2. Only set the cookies for non-xhr HTML format requests. Setting it for other formats is kind of pointless.
2024-02-23 07:51:51 +08:00
503,
{ "Content-Type" => "text/plain" },
[
"Blocked by BlockRequestsMiddleware for requests initiated by #{request.cookies[RSPEC_CURRENT_EXAMPLE_COOKIE_STRING]} when running #{self.class.current_example_location}",
FIX: Improve handling of 'PublicExceptions' when bootstrap_error_pages enabled (#26700) - Run the CSP-nonce-related middlewares on the generated response - Fix the readonly mode checking to avoid empty strings being passed (the `check_readonly_mode` before_action will not execute in the case of these re-dispatched exceptions) - Move the BlockRequestsMiddleware cookie-setting to the middleware, so that it is included even for unusual HTML responses like these exceptions
2024-04-24 16:40:13 +08:00
]
DEV: Ensure that `BlockRequestsMiddleware` cookie is always set (#25826) Why this change? This reverts 725561cf4bddeda0a5cf2f68ed7b76e0c9deead8 as it did not address the root cause of the problem even though it fixed the failing tests we were seeing when running `bundle exec rspec --tag ~type:multisite --order random:776 spec/system/admin_customize_form_templates_spec.rb spec/system/admin_sidebar_navigation_spec.rb spec/system/admin_site_setting_search_spec.rb spec/system/composer/dont_feed_the_trolls_popup_spec.rb spec/system/composer/review_media_unless_trust_level_spec.rb spec/system/create_account_spec.rb spec/system/editing_sidebar_tags_navigation_spec.rb spec/system/email_change_spec.rb spec/system/emojis/emoji_deny_list_spec.rb spec/system/group_activity_spec.rb spec/system/hashtag_autocomplete_spec.rb spec/system/network_disconnected_spec.rb spec/system/post_menu_spec.rb spec/system/post_small_action_spec.rb spec/system/tags_intersection_spec.rb spec/system/topic_list_focus_spec.rb spec/system/topic_page_spec.rb spec/system/user_page/user_profile_info_panel_spec.rb spec/system/viewing_group_members_spec.rb spec/system/viewing_navigation_menu_preferences_spec.rb`. The root cause here is that `before_action`s added to a controller is order dependent. As such, some requests were not setting the cookie because the `before_action` callback was not even hit as a prior `before_action` callbacks has raised an error such as the `check_xhr` `before_action` callback. To resolve the problem, we need to add the `prepend: true` option in our monkey patch of `ApplicationController` to ensure that the `before_action` callback which we have added is always run first. This change also makes a couple of changes: 1. Improve the response body when a request is blocked by the `BlockRequestsMiddleware` middleware so that it makes debugging easier. 2. Only set the cookies for non-xhr HTML format requests. Setting it for other formats is kind of pointless.
2024-02-23 07:51:51 +08:00
]
DEV: Block all incoming requests before resetting Capybara session (#25692) Why this change? We have been debugging flaky system tests and noticed in https://github.com/discourse/discourse/actions/runs/7911902047/job/21596791343?pr=25690 that ActiveRecord connection checkout timeouts are encountered because the Capybara server thread is processing requests even after `Capybara.reset_session!` and ActiveRecord's `teardown_fixtures` have already been call. The theory here is that an inflight request can still hit the Capybara server even after `Capybara.reset_session!` has been called and end up eating up an ActiveRecord connection for too long and also messing with the database outside of a transaction. What does this change do? This change adds a `BlockRequestsMiddleware` middleware in the test environment which is enabled to reject all incoming requests at the end of each system test and before `Capybara.reset_session!` is called. At the start of each RSpec test, the middleware is disabled again.
2024-02-15 16:36:12 +08:00
end
FIX: Improve handling of 'PublicExceptions' when bootstrap_error_pages enabled (#26700) - Run the CSP-nonce-related middlewares on the generated response - Fix the readonly mode checking to avoid empty strings being passed (the `check_readonly_mode` before_action will not execute in the case of these re-dispatched exceptions) - Move the BlockRequestsMiddleware cookie-setting to the middleware, so that it is included even for unusual HTML responses like these exceptions
2024-04-24 16:40:13 +08:00
status, headers, body = @app.call(env)
if headers["Content-Type"]&.match?(/html/) && BlockRequestsMiddleware.current_example_location
headers["Set-Cookie"] = [
headers["Set-Cookie"],
"#{RSPEC_CURRENT_EXAMPLE_COOKIE_STRING}=#{BlockRequestsMiddleware.current_example_location}; path=/;",
].compact.join("\n")
end
[status, headers, body]
DEV: Block all incoming requests before resetting Capybara session (#25692) Why this change? We have been debugging flaky system tests and noticed in https://github.com/discourse/discourse/actions/runs/7911902047/job/21596791343?pr=25690 that ActiveRecord connection checkout timeouts are encountered because the Capybara server thread is processing requests even after `Capybara.reset_session!` and ActiveRecord's `teardown_fixtures` have already been call. The theory here is that an inflight request can still hit the Capybara server even after `Capybara.reset_session!` has been called and end up eating up an ActiveRecord connection for too long and also messing with the database outside of a transaction. What does this change do? This change adds a `BlockRequestsMiddleware` middleware in the test environment which is enabled to reject all incoming requests at the end of each system test and before `Capybara.reset_session!` is called. At the start of each RSpec test, the middleware is disabled again.
2024-02-15 16:36:12 +08:00
end
end
Rails.configuration.middleware.unshift BlockRequestsMiddleware
DEV: Improve multisite testing (#14884) This commit adds the RailsMultisite middleware in test mode when Rails.configuration.multisite is true. This allows for much more realistic integration testing. The `multisite_spec.rb` file is rewritten to avoid needing to simulate a middleware stack.
2021-11-12 00:44:58 +08:00
elsif Rails.configuration.multisite
FIX: Use asset_hostnames in rails_multisite We want to respond to the x-forwarded-for host from the CDN too.
2020-09-17 17:11:57 +08:00
assets_hostnames = GlobalSetting.cdn_hostnames
if assets_hostnames.empty?
assets_hostnames = Discourse::Application.config.database_configuration[Rails.env]["host_names"]
end
RailsMultisite::ConnectionManagement.asset_hostnames = assets_hostnames
SECURITY: __ws shouldn't be able to override every domain in multisite
2020-09-15 17:07:03 +08:00
Revert "Revert "DEV: upgrade to Rails 6.0.3"" This reverts commit 2ff8b4f5d9dd72a55d7ebdc23a3758dd5ec4682d. Attempt #2 at a Rails update this time we also update the rails_multisite gem to allow for cleaner reordering
2020-05-08 08:44:51 +08:00
# Multisite needs to be first, because the request tracker and message bus rely on it
Rails.configuration.middleware.unshift RailsMultisite::Middleware,
RailsMultisite::DiscoursePatches.config
Rails.configuration.middleware.delete ActionDispatch::Executor
DEV: Make rails_failover compatible with `SKIP_DB_AND_REDIS` env.
2020-06-15 16:23:24 +08:00
DEV: Fix undefined method due to rails_failover.
2020-06-16 11:03:47 +08:00
if defined?(RailsFailover::ActiveRecord) && Rails.configuration.active_record_rails_failover
DEV: Make rails_failover compatible with `SKIP_DB_AND_REDIS` env.
2020-06-15 16:23:24 +08:00
Rails.configuration.middleware.insert_after(
RailsMultisite::Middleware,
RailsFailover::ActiveRecord::Middleware,
)
end
DEV: Auto-allow multisite hosts in dev (#17246)
2022-06-28 03:58:33 +08:00
if Rails.env.development?
# Automatically allow development multisite hosts
RailsMultisite::ConnectionManagement.instance.db_spec_cache.each do |db, specification|
next if db == "default"
Rails.configuration.hosts.concat(specification.spec.configuration_hash[:host_names])
end
end
DEV: Fix undefined method due to rails_failover.
2020-06-16 11:03:47 +08:00
elsif defined?(RailsFailover::ActiveRecord) && Rails.configuration.active_record_rails_failover
DEV: Use rails_failover gem for ActiveRecord and Redis failover handling
2020-06-11 13:45:46 +08:00
Rails.configuration.middleware.insert_before(
MessageBus::Rack::Middleware,
RailsFailover::ActiveRecord::Middleware,
)
DEV: Update rails_failover so that we can move middleware up the stack.
2020-06-04 17:13:59 +08:00
end
Reference in New Issue Copy Permalink