diff options
author | Eugen Rochko <eugen@zeonfederated.com> | 2020-01-02 17:14:58 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-01-02 17:14:58 +0100 |
commit | 09d54d1f626163fcc6e282544dfc9939fd3cdfd3 (patch) | |
tree | 4e19c261bb8cdc3d64228a0299072a286d409fa3 /config | |
parent | 9edab7afafd6f6db9338ada83a84b2ef14f397a9 (diff) |
Fix uncaught query param encoding errors (#12741)
Diffstat (limited to 'config')
-rw-r--r-- | config/application.rb | 2 | ||||
-rw-r--r-- | config/initializers/rack_attack.rb | 3 |
2 files changed, 2 insertions, 3 deletions
diff --git a/config/application.rb b/config/application.rb index e1f7ae707..58e59fd51 100644 --- a/config/application.rb +++ b/config/application.rb @@ -7,6 +7,7 @@ require 'rails/all' Bundler.require(*Rails.groups) require_relative '../app/lib/exceptions' +require_relative '../app/middleware/handle_bad_encoding_middleware' require_relative '../lib/paperclip/lazy_thumbnail' require_relative '../lib/paperclip/gif_transcoder' require_relative '../lib/paperclip/video_transcoder' @@ -118,6 +119,7 @@ module Mastodon config.active_job.queue_adapter = :sidekiq + config.middleware.insert_before Rack::Runtime, HandleBadEncodingMiddleware config.middleware.use Rack::Attack config.middleware.use Rack::Deflater diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb index 273cac9ca..3cd7ea3a6 100644 --- a/config/initializers/rack_attack.rb +++ b/config/initializers/rack_attack.rb @@ -46,10 +46,7 @@ class Rack::Attack PROTECTED_PATHS_REGEX = Regexp.union(PROTECTED_PATHS.map { |path| /\A#{Regexp.escape(path)}/ }) - # Always allow requests from localhost - # (blocklist & throttles are skipped) Rack::Attack.safelist('allow from localhost') do |req| - # Requests are allowed if the return value is truthy req.remote_ip == '127.0.0.1' || req.remote_ip == '::1' end |