Clarify Calling HTTP_APIKey header in example (#488)

* Clarify Calling HTTP_ header in example

In trying to track down a bug here, it turns out I was trying to reference the wrong header shown in the readme.

Printing our `request.env` it becomes clear this is just the full request object:

```
{"rack.version"=>[1, 3],
 "rack.errors"=>#<IO:<STDERR>>,
 "rack.multithread"=>true,
 "rack.multiprocess"=>false,
 "rack.run_once"=>false,
 "SCRIPT_NAME"=>"",
 "QUERY_STRING"=>"",
 "SERVER_PROTOCOL"=>"HTTP/1.1",
 "SERVER_SOFTWARE"=>"puma 4.3.5 Mysterious Traveller",
 "GATEWAY_INTERFACE"=>"CGI/1.2",
 "REQUEST_METHOD"=>"POST",
 "REQUEST_PATH"=>"/api/v1/....",
 "REQUEST_URI"=>"/api/v1/...",
 "HTTP_VERSION"=>"HTTP/1.1",
 "HTTP_HOST"=>"example.com",
 "HTTP_APIKEY"=>"secret_key",
 "CONTENT_TYPE"=>"application/json",
 "HTTP_USER_AGENT"=>"PostmanRuntime/7.25.0",
 "HTTP_ACCEPT"=>"*/*",
 "HTTP_CACHE_CONTROL"=>"no-cache",
...
```

* Update README.md
Tristan Toye 2020-06-07 12:11:30 -04:00 committed by GitHub
parent e148cf2a73
commit f92889b360
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -135,7 +135,7 @@ E.g.
# Provided that trusted users use an HTTP request header named APIKey
Rack::Attack.safelist("mark any authenticated access safe") do |request|
# Requests are allowed if the return value is truthy
request.env["APIKey"] == "secret-string"
request.env["HTTP_APIKEY"] == "secret-string"
end
# Always allow requests from localhost
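Review bot: the comment at the top of this block still says the header is "named APIKey" while the lookup now reads `request.env["HTTP_APIKEY"]`, and nothing in the example explains why the two differ. Suggest adding one comment line stating that Rack exposes request headers in `request.env` upper-cased, with dashes turned into underscores and an `HTTP_` prefix, so a client header `APIKey` is read as `HTTP_APIKEY`. Separately, the secret is compared with `==`; since README snippets get copied verbatim, consider `Rack::Utils.secure_compare(request.env["HTTP_APIKEY"].to_s, "secret-string")` so the comparison is constant-time and a missing header does not raise.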