I’m not quite sure where this belongs, and this is my first time posting here, so let me know if it belongs somewhere else (or if it’s already been discussed).
I’d like to have a list of paths to skip when checking the request host against the allow list. I have a Rails app with nginx running behind a load balancer on AWS, and the load balancer’s health check uses an endpoint in my application that just returns
head :ok. I could respond to the health check with nginx, but I want it to tell me whether Rails is actually up and running. However, the host that Rails sees on that health check request is the load balancer’s IP address, which I can’t add to my
config.hosts list because that would tie the code to the infrastructure. I basically just need a way to skip the host check for that one endpoint.
I monkey-patched the Rails code locally and it seems like this would be pretty easy to do. I added a
@host_check_skip_paths array (open to feedback on the name) to
Rails::Application::Configuration, and then I set
config.host_check_skip_paths << '/healthcheck'
in my application config. The default middleware stack then has this:
middleware.use ::ActionDispatch::HostAuthorization, config.hosts, config.host_check_skip_paths, config.action_dispatch.hosts_response_app
And then the HostAuthorization middleware has this:
def initialize(app, hosts, host_check_skip_paths = , response_app = nil) @app = app @host_check_skip_paths = host_skip_paths end private def authorized?(request) return true if @host_check_skip_paths.include?(request.path) # otherwise proceed as before end
Let me know what you think, or if there’s already a way to do this that I’m just missing. Haven’t had much luck searching for a solution. Thanks!