Skip to content

Instantly share code, notes, and snippets.

@charlespeach

charlespeach/reject-trace.md

Last active January 30, 2020 22:50
Show Gist options
  • Save charlespeach/fa7af677104e75ab94dbc06fb76c60cd to your computer and use it in GitHub Desktop.
Save charlespeach/fa7af677104e75ab94dbc06fb76c60cd to your computer and use it in GitHub Desktop.
Download ZIP
Rejecting TRACE with middleware in a rails app
Raw
reject-trace.md

lib/reject_trace.rb

module Rack

  class RejectTrace
    def initialize(app)
      @app = app
    end

    def call(env)
      status, headers, body = @app.call(env)

      if env["REQUEST_METHOD"] == "TRACE"
        body.close if body.respond_to? :close
        [status, headers, []]
      else
        [status, headers, body]
      end
    end
  end
end

config/application.rb

config.autoload_paths += %W(#{config.root}/lib)
config.middleware.use "RejectTrace"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment