I am trying to implement an OAuth provider in Rails 3. When I try to authorize a client app I get this error. I am using the RESTful auth plugin and pelles OAuth-plugin. When I was testing via the Rails console and getting this error I thought that I simply needed to encode the URLs but I get the same error when testing in browser so I am not sure what is wrong.
I got into trouble with URI.split (returning this error), I don't know if this helps you, but I will post here some warnings for also someone else having this error:
Check your url is not nil, and it's a valid one.
Do URI.encode(url) before URI.parse (to avoid special characters)
Do strip to the string you pass to URI.parse (to avoid leading and trailing whitespaces).
All in one:
uri = URI.parse(URI.encode(url.strip))
Related resource: http://www.practicalguile.com/2007/09/15/raising-uriinvalidurierror-from-a-perfectly-valid-uri/
You can also use this alternative URI gem: https://github.com/sporkmonger/addressable
There is no such problems with it.
Very native, just add namespace in your code after installing the gem
Addressable::URI
try this:
safeurl = URI.encode(url.strip)
response = RestClient.get(safeurl)
I'm here because I faced an issue with the fastlane. It's been written with Ruby thus my answer can be helpful.
In my case, I had the environment variables http_proxy = XX.XX.XX.XX:XXXX and https_proxy = ...
When I changed them to http_proxy = http://XX.XX.XX.XX:XXXX and https_proxy = https://... respectivle the issue has gone.
Related
I have scoured the Internet without finding an adequate solution, so I'm here to ask the SO community for help.
I'm migrating a rails 2 app on Heroku Bamboo to Cedar. Concomitantly, I am moving to rails 3 and ruby 2.0.0 (though I get this error with ruby 1.9.3 as well).
It seems that MongoMapper has undergone a bit a change from 0.8.6, to the point where I can't use our old initializer anymore. I'm attempting to use the latest 0.13.1 version of mongo_mapper.
According to https://devcenter.heroku.com/articles/mongohq, I just need to set config/mongo.yml to:
production:
uri: <%= ENV['MONGOHQ_URL'] %>
and I'm all set (I also commented out the old initializer code). However, it fails with the following connection error:
Feb 05 11:18:28 my-app-name app/web.1: /app/vendor/ruby-2.0.0/lib/ruby/2.0.0/uri/generic.rb:214:in `initialize': the scheme mongodb does not accept registry part: heroku:2QMdYzo6z5nmJJsmWAWKd_205umc05tBuP2ZodGaNDZ7N5rE4ns09jhsfFBjmkQ2ls_rfTiVC0lD24Y2byDXbg#candidate.21.mongolayer.com:10499,candidate.4.mongolayer.com:10625 (or bad hostname?) (URI::InvalidURIError)
An invalid URI is understandable, but that's what being fed to me by Heroku. What do I am missing in order to for the uri parser to accept it?
Thank you in advance.
The answer lies in the presence of that comma (,) in the uri. When I removed the second host and the comma, it behaved correctly :-)
Specifically, I created a Heroku ENV variable called MONGOHQ_URL2 without the second host name, then updated my config/mongo.yml to use that one instead.
Can anyone please tell me why the following URL returns a 406 error:
http://kolek.to/functions/remote-upload.php?url=http%3A%2F%2Fben-major.co.uk%2Fhosting%2Fbm-equipment%2Faxe-2.jpg&item_id=2
Removing the ?url= parameter seems to make everything fine:
http://kolek.to/functions/remote-upload.php?item_id=2
For your reference, the content of remote-upload.php is as follows:
<?php
require_once('../models/api.php');
$request_url = urldecode($_REQUEST['url']);
$item_id = $_REQUEST['item_id'];
echo $item_id;
?>
I think that this is due to the security filter from your server (I see in the response header that is Apache).
In your case is Apache mod_security that is turned on by default. While you can use the following to diagnose the problem (turning the filter off should resolve the issue) by running this command on the server:
SecFilterEngine off
BUT do this only for checking if the problem is the security filter, I discourage to leave the filter off (danger of injection and spam attacks).
If you see that is the filter that is the cause of the problem, try to put your request in the whitelist:
HERE you can find the guide and HERE is the main website.
The problem
I'm getting the error:
ActionDispatch::RemoteIp::IpSpoofAttackError (IP spoofing attack?!HTTP_CLIENT_IP="203.29.78.157"HTTP_X_FORWARDED_FOR="172.20.19.214, 116.50.58.180"):
when some people visit my Rails 3.0.10 application and log in or confirm their email address. I'm using Devise.
What I've tried
http://pivotallabs.com/users/jay/blog/articles/1216-standup-4-7-2010-disabling-rails-ip-spoofing-safeguard
So within production.rb I've added:
config.action_controller.ip_spoofing_check = false
I've also tried adding it to environment.rb:
Things3::Application.configure do
config.action_mailer.delivery_method = :smtp
config.action_controller.ip_spoofing_check = false
end
I still get the error. What am I missing?
Note that the method "config.action_controller.ip_spoofing_check=" has deprecation warnings starting 3.0, and now won't work on 3.2. Use the following method call instead:
config.action_dispatch.ip_spoofing_check = false
This blog post might help: it explains why this error occur and how to disable ip spoofing while retaining the security check https://github.com/phinze/writeheavy.com/blob/master/_posts/2011-07-31-when-its-ok-to-turn-of-rails-ip-spoof-checking.markdown
This started working for me right after I posted this. I made a mistake testing it when I'd added it to environment.rb.
I'm running Rails 3.1 with PhusionPassenger and NGINX in the back. I'm sending requests via a simple HttpClient (GrahpicalHttpClient for OS X). My code expects a token and an ID in the header to verify the authenticity of the caller. In developement mode this is no problem, but once I move it into production the header variables go missing. Nothing is displayed.
Here is the code:
#caller = Person.check_authentication_token(request.headers['person_id'], request.headers['authentication_token'])
The method check_authentication_token returns nil if either variable is nil. As I said, this works fine in development but the request.headers['person_id'] and request.headers['authentication_token'] are both nil in production. Has anyone else seen this issue before?
Nginx defaults to considering underscores in request headers invalid and subsequently removes them, see http://wiki.nginx.org/HttpCoreModule#underscores_in_headers for how to fix this.
I'm new to rails and ruby and was able to stitch together my first app and launch it on heroku. All is well, and now I'm trying to solve the problem of how to manage my data. I found the plugin called "admin_data" and it seemed to be the right choice.
Admin_data works great locally but when I deploy it to heroku I just get the message "We're sorry, but something went wrong. (500)". If I restrict access I get the correct response of "not authorized".
I have no idea what's going wrong, and more importantly, don't know how to look into the cause of the error. Any tips on getting a verbose message from heroku or tuning admin_data are much appreciated.
Thanks!
'admin_data' by default only works in a 'development' environment.
You can either set your Heroku app to 'development' environment (http://docs.heroku.com/config-vars) or add your environment to an 'admin_data' config file (config instructions for a Rails 3 app are here: https://github.com/neerajdotname/admin_data/wiki/admin_data-security-configuration-for-a-Rails3-application):
AdminData.config do |config|
config.is_allowed_to_view = lambda {|controller| return true if (Rails.env.development? || Rails.env.test?) }
config.is_allowed_to_update = lambda {|controller| return true if (Rails.env.development? || Rails.env.test?) }
end