Closed jtoy closed 10 years ago
BetterErrors::Middleware.allow_ip! "0.0.0.0/0"
I'd just like to note that this is probably a bad idea and you should seriously consider the consequences before allowing open access from any IP.
Why do you need to allow open access? There's probably a better solution we can figure out.
In development mode why would anyone care if its open? Its so people wouldn't need to set a specific IP when they are developing with a virtual box.
In drvrlioment mode why would anyone care if its open?
Rails listens on all interfaces by default. Leaving Better Errors open to all clients would mean anyone on an untrusted network (eg. cafes, airports, coworking spaces, etc.) is vulnerable to remote code execution unless they tell Rails to only listen on 127.0.0.1
when booting the dev server.
What about on a QA/staging machine which resides on an intranet? I think it may be a worthwhile configuration in such cases.
@Vaselinessa In such a case you can simply allow access from all IPs with BetterErrors::Middleware.allow_ip!
. This is far from a common use case though.
I agree absolutely. I don't think that any change to the gem is indicated here. I only wished to offer some defense because I thought that @jtoy (and others) may have a valid use case.
BetterErrors::Middleware.allow_all_ips! to make life easier