BetterErrors / better_errors

Better error page for Rack apps
MIT License

have a method that allows all ips #230

Closed jtoy closed 10 years ago

jtoy commented 10 years ago

BetterErrors::Middleware.allow_all_ips! to make life easier

haileys commented 10 years ago

BetterErrors::Middleware.allow_ip! "0.0.0.0/0"

haileys commented 10 years ago

I'd just like to note that this is probably a bad idea and you should seriously consider the consequences before allowing open access from any IP.

Why do you need to allow open access? There's probably a better solution we can figure out.

jtoy commented 10 years ago

In development mode, why would anyone care if it's open? It's so people wouldn't need to set a specific IP when they are developing with a virtual box.

haileys commented 10 years ago

> In development mode why would anyone care if it's open?

Rails listens on all interfaces by default. Leaving Better Errors open to all clients would mean anyone on an untrusted network (e.g. cafes, airports, coworking spaces, etc.) is vulnerable to remote code execution unless they tell Rails to only listen on 127.0.0.1 when booting the dev server.

entrity commented 10 years ago

What about on a QA/staging machine which resides on an intranet? I think it may be a worthwhile configuration in such cases.

haileys commented 10 years ago

@Vaselinessa In such a case you can simply allow access from all IPs with BetterErrors::Middleware.allow_ip!. This is far from a common use case though.

entrity commented 10 years ago

I agree absolutely. I don't think that any change to the gem is indicated here. I only wished to offer some defense because I thought that @jtoy (and others) may have a valid use case.
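
An added illustration, not part of the original thread and not better_errors' own code: a small Ruby model of a CIDR allowlist that compares the "0.0.0.0/0" entry suggested above with a rule scoped to a VM's host-only subnet. The Allowlist class, the loopback defaults, the 192.168.56.0/24 subnet and every client address are assumptions constructed for the example.

```ruby
require "ipaddr"

# Hypothetical stand-in for an IP allowlist check (not the gem's implementation).
class Allowlist
  def initialize(*cidrs)
    @nets = cidrs.map { |cidr| IPAddr.new(cidr) }
  end

  # True when the client address falls inside any allowed network.
  def allow?(remote_addr)
    ip = IPAddr.new(remote_addr)
    @nets.any? { |net| net.include?(ip) }
  rescue IPAddr::Error
    false # an unparsable address fails closed
  end
end

# Assumed defaults for the model: loopback only.
LOOPBACK = ["127.0.0.0/8", "::1/128"].freeze

# Constructed sample clients hitting a dev server that listens on all interfaces.
CLIENTS = {
  "127.0.0.1"    => "browser on the dev machine itself",
  "192.168.56.1" => "developer's host, reaching the VM over a host-only network",
  "192.168.1.77" => "another laptop on the same cafe Wi-Fi",
  "203.0.113.9"  => "client routed in from outside the local network"
}.freeze

# Returns the sample clients that would be served the error console.
def audit(allowlist)
  CLIENTS.keys.select { |ip| allowlist.allow?(ip) }
end

# The rule from the thread: every IPv4 client matches.
OPEN = Allowlist.new(*LOOPBACK, "0.0.0.0/0")

# Scoped alternative for the VM use case, for example:
#   BetterErrors::Middleware.allow_ip! "192.168.56.0/24"   # constructed subnet
SCOPED = Allowlist.new(*LOOPBACK, "192.168.56.0/24")

{ "0.0.0.0/0" => OPEN, "192.168.56.0/24" => SCOPED }.each do |label, list|
  puts "allow #{label}:"
  audit(list).each { |ip| puts "  #{ip}  (#{CLIENTS[ip]})" }
end
```

With the open rule all four sample clients pass the check; with the scoped rule only the loopback browser and the VM host do.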