better_errors 2.7.1 → 2.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +22 -0
- data/lib/better_errors/error_page.rb +19 -2
- data/lib/better_errors/middleware.rb +58 -11
- data/lib/better_errors/templates/main.erb +24 -2
- data/lib/better_errors/templates/variable_info.erb +8 -1
- data/lib/better_errors/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 10f7411145be495cf17cbebdf087e1bb21fe8c6fc8c07397fa406e7fc1f9f917
|
|
4
|
+
data.tar.gz: 3b14b75eaa97285c3ad5f685671348694aa7174cc43e52826e49e21a2f139b0d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 141e1056c402ed7b0aa0965278018096ca1d2bc4032072692c1f146ad09d6848d87792d665ecc6dcb41322594e91d9a5e27955edc560bb665a2995f150c0be4e
|
|
7
|
+
data.tar.gz: 03a94aa9fdcd0340b1fdf913a52978437692587efabe196ebb119087712086cc304289ec1c684ab4efbdece115a4bd1298b57bf58699a0d672f76f6aa196793b
|
data/README.md
CHANGED
|
@@ -35,6 +35,28 @@ end
|
|
|
35
35
|
|
|
36
36
|
_Note: If you discover that Better Errors isn't working - particularly after upgrading from version 0.5.0 or less - be sure to set `config.consider_all_requests_local = true` in `config/environments/development.rb`._
|
|
37
37
|
|
|
38
|
+
### Optional: Set `EDITOR`
|
|
39
|
+
|
|
40
|
+
For many reasons outside of Better Errors, you should have the `EDITOR` environment variable set to your preferred
|
|
41
|
+
editor.
|
|
42
|
+
Better Errors, like many other tools, will use that environment variable to show a link that opens your
|
|
43
|
+
editor to the file and line from the console.
|
|
44
|
+
|
|
45
|
+
By default the links will open TextMate-protocol links.
|
|
46
|
+
|
|
47
|
+
To see if your editor is supported or to set up a different editor, see [the wiki](https://github.com/BetterErrors/better_errors/wiki/Link-to-your-editor).
|
|
48
|
+
|
|
49
|
+
### Optional: Set `BETTER_ERRORS_INSIDE_FRAME`
|
|
50
|
+
|
|
51
|
+
If your application is running inside of an iframe, or if you have a Content Security Policy that disallows links
|
|
52
|
+
to other protocols, the editor links will not work.
|
|
53
|
+
|
|
54
|
+
To work around this set `BETTER_ERRORS_INSIDE_FRAME=1` in the environment, and the links will include `target=_blank`,
|
|
55
|
+
allowing the link to open regardless of the policy.
|
|
56
|
+
|
|
57
|
+
_This works because it opens the editor from a new browser tab, escaping from the restrictions of your site._
|
|
58
|
+
_Unfortunately it leaves behind an empty tab each time, so only use this if needed._
|
|
59
|
+
|
|
38
60
|
## Security
|
|
39
61
|
|
|
40
62
|
**NOTE:** It is *critical* you put better\_errors only in the **development** section of your Gemfile.
|
|
@@ -26,8 +26,13 @@ module BetterErrors
|
|
|
26
26
|
@id ||= SecureRandom.hex(8)
|
|
27
27
|
end
|
|
28
28
|
|
|
29
|
-
def render(template_name = "main")
|
|
29
|
+
def render(template_name = "main", csrf_token = nil)
|
|
30
30
|
binding.eval(self.class.template(template_name).src)
|
|
31
|
+
rescue => e
|
|
32
|
+
# Fix the backtrace, which doesn't identify the template that failed (within Better Errors).
|
|
33
|
+
# We don't know the line number, so just injecting the template path has to be enough.
|
|
34
|
+
e.backtrace.unshift "#{self.class.template_path(template_name)}:0"
|
|
35
|
+
raise
|
|
31
36
|
end
|
|
32
37
|
|
|
33
38
|
def do_variables(opts)
|
|
@@ -59,7 +64,19 @@ module BetterErrors
|
|
|
59
64
|
end
|
|
60
65
|
|
|
61
66
|
def exception_message
|
|
62
|
-
exception.message.
|
|
67
|
+
exception.message.strip.gsub(/(\r?\n\s*\r?\n)+/, "\n")
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
def active_support_actions
|
|
71
|
+
return [] unless defined?(ActiveSupport::ActionableError)
|
|
72
|
+
|
|
73
|
+
ActiveSupport::ActionableError.actions(exception.type)
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
def action_dispatch_action_endpoint
|
|
77
|
+
return unless defined?(ActionDispatch::ActionableExceptions)
|
|
78
|
+
|
|
79
|
+
ActionDispatch::ActionableExceptions.endpoint
|
|
63
80
|
end
|
|
64
81
|
|
|
65
82
|
def application_frames
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
require "json"
|
|
2
2
|
require "ipaddr"
|
|
3
|
+
require "securerandom"
|
|
3
4
|
require "set"
|
|
4
5
|
require "rack"
|
|
5
6
|
|
|
@@ -39,6 +40,8 @@ module BetterErrors
|
|
|
39
40
|
allow_ip! "127.0.0.0/8"
|
|
40
41
|
allow_ip! "::1/128" rescue nil # windows ruby doesn't have ipv6 support
|
|
41
42
|
|
|
43
|
+
CSRF_TOKEN_COOKIE_NAME = 'BetterErrors-CSRF-Token'
|
|
44
|
+
|
|
42
45
|
# A new instance of BetterErrors::Middleware
|
|
43
46
|
#
|
|
44
47
|
# @param app The Rack app/middleware to wrap with Better Errors
|
|
@@ -72,7 +75,7 @@ module BetterErrors
|
|
|
72
75
|
def better_errors_call(env)
|
|
73
76
|
case env["PATH_INFO"]
|
|
74
77
|
when %r{/__better_errors/(?<id>.+?)/(?<method>\w+)\z}
|
|
75
|
-
internal_call
|
|
78
|
+
internal_call(env, $~[:id], $~[:method])
|
|
76
79
|
when %r{/__better_errors/?\z}
|
|
77
80
|
show_error_page env
|
|
78
81
|
else
|
|
@@ -89,11 +92,14 @@ module BetterErrors
|
|
|
89
92
|
end
|
|
90
93
|
|
|
91
94
|
def show_error_page(env, exception=nil)
|
|
95
|
+
request = Rack::Request.new(env)
|
|
96
|
+
csrf_token = request.cookies[CSRF_TOKEN_COOKIE_NAME] || SecureRandom.uuid
|
|
97
|
+
|
|
92
98
|
type, content = if @error_page
|
|
93
99
|
if text?(env)
|
|
94
100
|
[ 'plain', @error_page.render('text') ]
|
|
95
101
|
else
|
|
96
|
-
[ 'html', @error_page.render ]
|
|
102
|
+
[ 'html', @error_page.render('main', csrf_token) ]
|
|
97
103
|
end
|
|
98
104
|
else
|
|
99
105
|
[ 'html', no_errors_page ]
|
|
@@ -104,12 +110,22 @@ module BetterErrors
|
|
|
104
110
|
status_code = ActionDispatch::ExceptionWrapper.new(env, exception).status_code
|
|
105
111
|
end
|
|
106
112
|
|
|
107
|
-
|
|
113
|
+
response = Rack::Response.new(content, status_code, { "Content-Type" => "text/#{type}; charset=utf-8" })
|
|
114
|
+
|
|
115
|
+
unless request.cookies[CSRF_TOKEN_COOKIE_NAME]
|
|
116
|
+
response.set_cookie(CSRF_TOKEN_COOKIE_NAME, value: csrf_token, httponly: true, same_site: :strict)
|
|
117
|
+
end
|
|
118
|
+
|
|
119
|
+
# In older versions of Rack, the body returned here is actually a Rack::BodyProxy which seems to be a bug.
|
|
120
|
+
# (It contains status, headers and body and does not act like an array of strings.)
|
|
121
|
+
# Since we already have status code and body here, there's no need to use the ones in the Rack::Response.
|
|
122
|
+
(_status_code, headers, _body) = response.finish
|
|
123
|
+
[status_code, headers, [content]]
|
|
108
124
|
end
|
|
109
125
|
|
|
110
126
|
def text?(env)
|
|
111
127
|
env["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest" ||
|
|
112
|
-
|
|
128
|
+
!env["HTTP_ACCEPT"].to_s.include?('html')
|
|
113
129
|
end
|
|
114
130
|
|
|
115
131
|
def log_exception
|
|
@@ -129,13 +145,22 @@ module BetterErrors
|
|
|
129
145
|
end
|
|
130
146
|
end
|
|
131
147
|
|
|
132
|
-
def internal_call(env,
|
|
148
|
+
def internal_call(env, id, method)
|
|
149
|
+
return not_found_json_response unless %w[variables eval].include?(method)
|
|
133
150
|
return no_errors_json_response unless @error_page
|
|
134
|
-
return invalid_error_json_response if
|
|
151
|
+
return invalid_error_json_response if id != @error_page.id
|
|
152
|
+
|
|
153
|
+
request = Rack::Request.new(env)
|
|
154
|
+
return invalid_csrf_token_json_response unless request.cookies[CSRF_TOKEN_COOKIE_NAME]
|
|
155
|
+
|
|
156
|
+
request.body.rewind
|
|
157
|
+
body = JSON.parse(request.body.read)
|
|
158
|
+
return invalid_csrf_token_json_response unless request.cookies[CSRF_TOKEN_COOKIE_NAME] == body['csrfToken']
|
|
159
|
+
|
|
160
|
+
return not_acceptable_json_response unless request.content_type == 'application/json'
|
|
135
161
|
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
[200, { "Content-Type" => "text/plain; charset=utf-8" }, [JSON.dump(response)]]
|
|
162
|
+
response = @error_page.send("do_#{method}", body)
|
|
163
|
+
[200, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(response)]]
|
|
139
164
|
end
|
|
140
165
|
|
|
141
166
|
def no_errors_page
|
|
@@ -157,18 +182,40 @@ module BetterErrors
|
|
|
157
182
|
"The application has been restarted since this page loaded, " +
|
|
158
183
|
"or the framework is reloading all gems before each request "
|
|
159
184
|
end
|
|
160
|
-
[200, { "Content-Type" => "
|
|
185
|
+
[200, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(
|
|
161
186
|
error: 'No exception information available',
|
|
162
187
|
explanation: explanation,
|
|
163
188
|
)]]
|
|
164
189
|
end
|
|
165
190
|
|
|
166
191
|
def invalid_error_json_response
|
|
167
|
-
[200, { "Content-Type" => "
|
|
192
|
+
[200, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(
|
|
168
193
|
error: "Session expired",
|
|
169
194
|
explanation: "This page was likely opened from a previous exception, " +
|
|
170
195
|
"and the exception is no longer available in memory.",
|
|
171
196
|
)]]
|
|
172
197
|
end
|
|
198
|
+
|
|
199
|
+
def invalid_csrf_token_json_response
|
|
200
|
+
[200, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(
|
|
201
|
+
error: "Invalid CSRF Token",
|
|
202
|
+
explanation: "The browser session might have been cleared, " +
|
|
203
|
+
"or something went wrong.",
|
|
204
|
+
)]]
|
|
205
|
+
end
|
|
206
|
+
|
|
207
|
+
def not_found_json_response
|
|
208
|
+
[404, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(
|
|
209
|
+
error: "Not found",
|
|
210
|
+
explanation: "Not a recognized internal call.",
|
|
211
|
+
)]]
|
|
212
|
+
end
|
|
213
|
+
|
|
214
|
+
def not_acceptable_json_response
|
|
215
|
+
[406, { "Content-Type" => "application/json; charset=utf-8" }, [JSON.dump(
|
|
216
|
+
error: "Request not acceptable",
|
|
217
|
+
explanation: "The internal request did not match an acceptable content type.",
|
|
218
|
+
)]]
|
|
219
|
+
end
|
|
173
220
|
end
|
|
174
221
|
end
|
|
@@ -146,6 +146,14 @@
|
|
|
146
146
|
}
|
|
147
147
|
|
|
148
148
|
/* Heading */
|
|
149
|
+
header.exception .fix-actions {
|
|
150
|
+
margin-top: .5em;
|
|
151
|
+
}
|
|
152
|
+
|
|
153
|
+
header.exception .fix-actions input[type=submit] {
|
|
154
|
+
font-weight: bold;
|
|
155
|
+
}
|
|
156
|
+
|
|
149
157
|
header.exception h2 {
|
|
150
158
|
font-weight: 200;
|
|
151
159
|
font-size: 11pt;
|
|
@@ -153,7 +161,7 @@
|
|
|
153
161
|
|
|
154
162
|
header.exception h2,
|
|
155
163
|
header.exception p {
|
|
156
|
-
line-height: 1.
|
|
164
|
+
line-height: 1.5em;
|
|
157
165
|
overflow: hidden;
|
|
158
166
|
white-space: pre;
|
|
159
167
|
text-overflow: ellipsis;
|
|
@@ -166,7 +174,7 @@
|
|
|
166
174
|
|
|
167
175
|
header.exception p {
|
|
168
176
|
font-weight: 200;
|
|
169
|
-
font-size:
|
|
177
|
+
font-size: 17pt;
|
|
170
178
|
color: white;
|
|
171
179
|
}
|
|
172
180
|
|
|
@@ -744,6 +752,18 @@
|
|
|
744
752
|
<header class="exception">
|
|
745
753
|
<h2><strong><%= exception_type %></strong> <span>at <%= request_path %></span></h2>
|
|
746
754
|
<p><%= exception_message %></p>
|
|
755
|
+
<% unless active_support_actions.empty? %>
|
|
756
|
+
<div class='fix-actions'>
|
|
757
|
+
<% active_support_actions.each do |action, _| %>
|
|
758
|
+
<form class="button_to" method="post" action="<%= action_dispatch_action_endpoint %>">
|
|
759
|
+
<input type="submit" value="<%= action %>">
|
|
760
|
+
<input type="hidden" name="action" value="<%= action %>">
|
|
761
|
+
<input type="hidden" name="error" value="<%= exception_type %>">
|
|
762
|
+
<input type="hidden" name="location" value="<%= request_path %>">
|
|
763
|
+
</form>
|
|
764
|
+
<% end %>
|
|
765
|
+
</div>
|
|
766
|
+
<% end %>
|
|
747
767
|
</header>
|
|
748
768
|
</div>
|
|
749
769
|
|
|
@@ -780,6 +800,7 @@
|
|
|
780
800
|
(function() {
|
|
781
801
|
|
|
782
802
|
var OID = "<%= id %>";
|
|
803
|
+
var csrfToken = "<%= csrf_token %>";
|
|
783
804
|
|
|
784
805
|
var previousFrame = null;
|
|
785
806
|
var previousFrameInfo = null;
|
|
@@ -790,6 +811,7 @@
|
|
|
790
811
|
var req = new XMLHttpRequest();
|
|
791
812
|
req.open("POST", "//" + window.location.host + <%== uri_prefix.gsub("<", "<").inspect %> + "/__better_errors/" + OID + "/" + method, true);
|
|
792
813
|
req.setRequestHeader("Content-Type", "application/json");
|
|
814
|
+
opts.csrfToken = csrfToken;
|
|
793
815
|
req.send(JSON.stringify(opts));
|
|
794
816
|
req.onreadystatechange = function() {
|
|
795
817
|
if(req.readyState == 4) {
|
|
@@ -1,7 +1,14 @@
|
|
|
1
1
|
<header class="trace_info clearfix">
|
|
2
2
|
<div class="title">
|
|
3
3
|
<h2 class="name"><%= @frame.name %></h2>
|
|
4
|
-
<div class="location"
|
|
4
|
+
<div class="location">
|
|
5
|
+
<span class="filename">
|
|
6
|
+
<a
|
|
7
|
+
href="<%= editor_url(@frame) %>"
|
|
8
|
+
<%= ENV.key?('BETTER_ERRORS_INSIDE_FRAME') ? "target=_blank" : '' %>
|
|
9
|
+
><%= @frame.pretty_path %></a>
|
|
10
|
+
</span>
|
|
11
|
+
</div>
|
|
5
12
|
</div>
|
|
6
13
|
<div class="code_block clearfix">
|
|
7
14
|
<%== html_formatted_code_block @frame %>
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: better_errors
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.8.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Charlie Somerville
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-09-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rake
|