When trying to validate my implementation in my development environment, all my `/mini-profiler-resources/results` requests were failing despite my ApplicationController doing `Rack::MiniProfiler.authorize_request` in a `before_action` on every request. After some investigating I found that when loading my assets (via rails), they responded with a Set-Cookie header that was deleting my __profilin cookie.

Even though my assets path was included in the `skip_paths` variable automatically and the `skip_it` variable was set to true, the header to delete the cookie would still be set in `handle_cookie`, deauthorizing the client when the server loaded the asset.

https://github.com/MiniProfiler/rack-mini-profiler/blob/5e42a57acab20125f910c0f29d82f19e7220ff31/lib/mini_profiler.rb#L168C1-L180C10

```ruby
skip_it = matches_action?('skip', env) || (
  @config.skip_paths &&
  @config.skip_paths.any? do |p|
    if p.instance_of?(String)
      path.start_with?(p)
    elsif p.instance_of?(Regexp)
      p.match?(path)
    end
  end
)
if skip_it
  return client_settings.handle_cookie(@app.call(env))
end
```

https://github.com/MiniProfiler/rack-mini-profiler/blob/5e42a57acab20125f910c0f29d82f19e7220ff31/lib/mini_profiler/client_settings.rb#L42C1-L56C10

```ruby
def handle_cookie(result)
  status, headers, _body = result
  if (MiniProfiler.config.authorization_mode == :allow_authorized && !MiniProfiler.request_authorized?)
    # this is non-obvious, don't kill the profiling cookie on errors or short requests
    # this ensures that stuff that never reaches the rails stack does not kill profiling
    if status.to_i >= 200 && status.to_i < 300 && ((Process.clock_gettime(Process::CLOCK_MONOTONIC) - @start) > 0.1)
      discard_cookie!(headers)
    end
  else
    write!(headers)
  end
  result
end
```

I created a patch for my own company to avoid deauthorizing specifically for that `handle_cookie` call, however I'm not sure if that is appropriate for the other condition checked in the same area as the skip_paths is checked. Hopefully I'm not missing some critical setup step that caused this.

master...Vidcruiter:rack-mini-profiler:master
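
The interaction reported above, as an added example that is not part of the original issue and is not rack-mini-profiler's code: a stdlib-only Ruby model of the quoted skip-path branch and `handle_cookie`, plus a check for the cookie-deleting header on a response. The `*Model` classes, `cookie_on_skip`, `deletes_profiling_cookie?`, the cookie string and the sample paths are constructed for illustration, and the model assumes a skipped asset request arrives unauthorized because no controller `before_action` ran for it.

```ruby
COOKIE_NAME = "__profilin" # cookie name as given in the issue

class ClientSettingsModel
  def initialize(authorized:, elapsed:)
    @authorized = authorized # assumption: false when authorize_request never ran
    @elapsed = elapsed       # seconds since request start (stands in for the clock delta)
  end

  # Mirrors the branch structure of the quoted handle_cookie.
  def handle_cookie(result)
    status, headers, _body = result
    if !@authorized
      # Same guard as quoted: only 2xx responses that took longer than 0.1s.
      if status.to_i >= 200 && status.to_i < 300 && @elapsed > 0.1
        headers["Set-Cookie"] = "#{COOKIE_NAME}=; max-age=0; path=/" # constructed value
      end
    end
    # The authorized branch (write!) is left out of this model.
    result
  end
end

class MiddlewareModel
  def initialize(skip_paths:, cookie_on_skip:)
    @skip_paths = skip_paths
    @cookie_on_skip = cookie_on_skip # true = the behaviour quoted in the issue
  end

  def call(path, authorized:, elapsed:)
    settings = ClientSettingsModel.new(authorized: authorized, elapsed: elapsed)
    result = [200, {}, ["ok"]] # stands in for @app.call(env)
    skip_it = @skip_paths.any? do |p|
      p.instance_of?(String) ? path.start_with?(p) : p.match?(path)
    end
    return result unless skip_it # profiled requests are not modelled here
    @cookie_on_skip ? settings.handle_cookie(result) : result
  end
end

# Check that can be run over any captured response headers.
def deletes_profiling_cookie?(headers)
  headers.fetch("Set-Cookie", "").split("\n").any? do |c|
    c.start_with?("#{COOKIE_NAME}=") && c.match?(/max-age=0/i)
  end
end
```

In this model the deletion only shows up when the skipped response takes longer than 0.1 seconds, so a check like `deletes_profiling_cookie?` has to be run against slow asset responses as well as fast ones.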