Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[rack-protection] origin_whitelist results in ArgumentError for rack-protection 2.1.0 #1641

Closed
takeshi-yashiro opened this issue Sep 17, 2020 · 1 comment
Closed

[rack-protection] origin_whitelist results in ArgumentError for rack-protection 2.1.0 #1641

takeshi-yashiro opened this issue Sep 17, 2020 · 1 comment

Comments

@takeshi-yashiro
Copy link
Contributor

After upgrading rack-protection from 2.0.8 to 2.1.0, the following error is caused:

ERROR -- : app error: wrong number of arguments (given 1, expected 2) (ArgumentError) 
ERROR -- : /usr/local/bundle/gems/rack-protection-2.1.0/lib/rack/protection/base.rb:58:in `warn' 
ERROR -- : /usr/local/bundle/gems/rack-protection-2.1.0/lib/rack/protection/http_origin.rb:37:in `accepts?'
...

when origin_whitelist option is specified.

It seems that this problem is caused by the lack of env parameter passed to warn method at https://github.com/sinatra/sinatra/blob/master/rack-protection/lib/rack/protection/http_origin.rb#L37 , as warn method requires two arguments: https://github.com/sinatra/sinatra/blob/master/rack-protection/lib/rack/protection/base.rb#L58
@jkowens
Copy link
Member

jkowens commented Sep 17, 2020
edited
Loading

Oh goodness, not sure how we missed that 😬

Would you mind sending up a PR to pass along the env as well? I think adding a test to make sure origin_whitelist is still working would be beneficial as well.

sinatra/rack-protection/spec/lib/rack/protection/http_origin_spec.rb

Line 38 in 166da30

it "accepts #{method} requests with whitelisted Origin" do

@takeshi-yashiro takeshi-yashiro mentioned this issue Sep 18, 2020
Merged
namusyaka added a commit that referenced this issue Sep 25, 2020
@namusyaka
Merge pull request #1642 from takeshi-yashiro/fix-broken-origin-white…
eebec27 
…list

Fix broken origin_whitelist option #1641
@jkowens jkowens closed this as completed Oct 1, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jkowens @takeshi-yashiro