Upgraded Rails to 6, getting Blocked host Error

50
votes

I needed the new function in ActiveStorage to resize_to_fill so I upgraded to Ruby 2.5.1 and Rails 6.

ruby '2.5.1'

gem "rails", github: "rails/rails"

When I stopped, then started my server (Cloud 9), I received the Rails error:

Blocked host: xxxxxxx-xxxxxxx.c9users.io To allow requests to xxxxxxx-xxxxxxx.c9users.io, add the following configuration:

Rails.application.config.hosts << "xxxxxxx-xxxxxxx.c9users.io"

I've tried restarting, new windows, but nothing gets rid of this. I've never seen this error before. I'm guessing the new version of Rails is doing something?

7
ruby-on-railscloud9ruby-on-rails-6
I created a new app to test if it was my original app or every app. It was already running ruby 2.5.1. I changed the Gemfile to use edge Rails (6), gem 'rails', github: 'rails/rails' as I did before. I started the server and it did the same thing, gave the same error.Tony S.
I added Rails.application.config.hosts << "xxxxxxx-xxxxxxx.c9users.io" to config/application.rb and it fixed my test app fine. Then I did it to my real app and it also worked. The problem is, Devise threw an error as well, which apparently won't be fixed until at least Rails 6 beta. I guess I'm going back to Carrierwave for my image sizing needs until ActiveStorage is more mature.Tony S.

7 Answers

67
votes

The Blocked Host is a new feature of Rails 6. You can add this pattern to your config/environments/development.rb to have no worries of that in case of dynamic urls

config.hosts << /[a-z0-9]+\.c9users\.io/

Also for ngrok user, just replace above c9users by ngrok

Source: https://github.com/MikeRogers0/puma-ngrok-tunnel

46
votes

If you want to disable this functionality on your development environment, you can add config.hosts.clear to config/environments/development.rb.

10
votes

This article worked for me:

  1. The first option is to whitelist the hostnames in config/environments/development.rb:

    Rails.application.configure do
  config.hosts << "hostname" # Whitelist one hostname
  config.hosts << /application\.local\Z/ # Whitelist a test domain
end

  2. The second option is to clear the entire whitelist, which lets through requests for all hostnames:

    Rails.application.configure do
  config.hosts.clear
end

Credit goes to Manfred Stienstra.

9
votes

Simple solution:

Add this line to config/environments/development.rb

config.hosts << /[a-z0-9]+\.ngrok\.io/

Restart your rails server and it will work

3
votes

I added Rails.application.config.hosts << "xxxxxxx-xxxxxxx.c9users.io" to config/application.rb and it fixed my test app fine. Then I did it to my real app and it also worked. The problem is, Devise threw an error as well, which apparently won't be fixed until at least Rails 6 beta. I guess I'm going back to Carrierwave for my image sizing needs until ActiveStorage is more mature.

1
votes

HEADS UP : You may whitelist your host with the config application.config.hosts << 'your_unvalid_host_name' but still have the error. The error message is currently not accurate in this case. See this issue. You should not use hostname with underscore. NB: The application.config.hosts.clear is working in this case.

0
votes

In Rails 6 Action Pack introduced ActionDispatch::HostAuthorization and by default allows only [IPAddr.new(“0.0.0.0/0”), IPAddr.new(“::/0”), “localhost”]

You can add arrays of RegExp, Proc, IPAddr and String or a single String in the file config/application.rb like this

class Application < Rails::Application
  config.hosts << "xxxxxxx-xxxxxxx.c9users.io"
  ...
end

From "https://drivy.engineering/rails-6-unnoticed-features":

Rails 6 added a new middleware called ActionDispatch::HostAuthorization allowing you to whitelist some hosts for your application and preventing Host header attacks. You can easily configure it with a String, IPAddr, Proc and RegExp (useful when dealing with wildcard domains).