rails: Error during failsafe response: undefined method `valid_encoding?' when passing :controller param
Steps to reproduce
I wasn’t able to get this to fail in the minimal test apps so here’s instructions:
- Generate a new Rails app:
rails new foobar
- Run
rails s
- Make a call to a non existing route passing a
:controller
param:
curl -XPOST http://localhost:3000/foobar -d '{ "controller": { "foo": "bar" } }' -H 'Content-Type: application/json'
Expected behavior
It should return a 404/routing error.
Actual behavior
The server crashes with:
Started POST "/foobar" for ::1 at 2019-09-20 11:21:22 +0200
ActionController::RoutingError (No route matches [POST] "/foobar"):
actionpack (6.0.0) lib/action_dispatch/middleware/debug_exceptions.rb:36:in `call'
web-console (4.0.1) lib/web_console/middleware.rb:132:in `call_app'
web-console (4.0.1) lib/web_console/middleware.rb:28:in `block in call'
web-console (4.0.1) lib/web_console/middleware.rb:17:in `catch'
web-console (4.0.1) lib/web_console/middleware.rb:17:in `call'
actionpack (6.0.0) lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
railties (6.0.0) lib/rails/rack/logger.rb:38:in `call_app'
railties (6.0.0) lib/rails/rack/logger.rb:26:in `block in call'
activesupport (6.0.0) lib/active_support/tagged_logging.rb:80:in `block in tagged'
activesupport (6.0.0) lib/active_support/tagged_logging.rb:28:in `tagged'
activesupport (6.0.0) lib/active_support/tagged_logging.rb:80:in `tagged'
railties (6.0.0) lib/rails/rack/logger.rb:26:in `call'
sprockets-rails (3.2.1) lib/sprockets/rails/quiet_assets.rb:13:in `call'
actionpack (6.0.0) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
actionpack (6.0.0) lib/action_dispatch/middleware/request_id.rb:27:in `call'
rack (2.0.7) lib/rack/method_override.rb:22:in `call'
rack (2.0.7) lib/rack/runtime.rb:22:in `call'
activesupport (6.0.0) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
actionpack (6.0.0) lib/action_dispatch/middleware/executor.rb:14:in `call'
actionpack (6.0.0) lib/action_dispatch/middleware/static.rb:126:in `call'
rack (2.0.7) lib/rack/sendfile.rb:111:in `call'
actionpack (6.0.0) lib/action_dispatch/middleware/host_authorization.rb:83:in `call'
webpacker (4.0.7) lib/webpacker/dev_server_proxy.rb:29:in `perform_request'
rack-proxy (0.6.5) lib/rack/proxy.rb:57:in `call'
railties (6.0.0) lib/rails/engine.rb:526:in `call'
puma (3.12.1) lib/puma/configuration.rb:227:in `call'
puma (3.12.1) lib/puma/server.rb:660:in `handle_request'
puma (3.12.1) lib/puma/server.rb:474:in `process_client'
puma (3.12.1) lib/puma/server.rb:334:in `block in run'
puma (3.12.1) lib/puma/thread_pool.rb:135:in `block in spawn_thread'
Error during failsafe response: undefined method `valid_encoding?' for {"foo"=>"bar"}:ActiveSupport::HashWithIndifferentAccess
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/actionpack-6.0.0/lib/action_dispatch/http/parameters.rb:90:in `set_binary_encoding'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/actionpack-6.0.0/lib/action_dispatch/http/parameters.rb:60:in `parameters'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/actionpack-6.0.0/lib/action_dispatch/http/mime_negotiation.rb:66:in `block in formats'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/rack-2.0.7/lib/rack/request.rb:59:in `fetch'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/rack-2.0.7/lib/rack/request.rb:59:in `fetch_header'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/actionpack-6.0.0/lib/action_dispatch/http/mime_negotiation.rb:64:in `formats'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/actionpack-6.0.0/lib/action_dispatch/middleware/public_exceptions.rb:25:in `call'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/actionpack-6.0.0/lib/action_dispatch/middleware/show_exceptions.rb:51:in `render_exception'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/actionpack-6.0.0/lib/action_dispatch/middleware/show_exceptions.rb:36:in `rescue in call'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/actionpack-6.0.0/lib/action_dispatch/middleware/show_exceptions.rb:31:in `call'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/railties-6.0.0/lib/rails/rack/logger.rb:38:in `call_app'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/railties-6.0.0/lib/rails/rack/logger.rb:26:in `block in call'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/activesupport-6.0.0/lib/active_support/tagged_logging.rb:80:in `block in tagged'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/activesupport-6.0.0/lib/active_support/tagged_logging.rb:28:in `tagged'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/activesupport-6.0.0/lib/active_support/tagged_logging.rb:80:in `tagged'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/railties-6.0.0/lib/rails/rack/logger.rb:26:in `call'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/sprockets-rails-3.2.1/lib/sprockets/rails/quiet_assets.rb:13:in `call'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/actionpack-6.0.0/lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/actionpack-6.0.0/lib/action_dispatch/middleware/request_id.rb:27:in `call'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/rack-2.0.7/lib/rack/method_override.rb:22:in `call'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/rack-2.0.7/lib/rack/runtime.rb:22:in `call'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/activesupport-6.0.0/lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/actionpack-6.0.0/lib/action_dispatch/middleware/executor.rb:14:in `call'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/actionpack-6.0.0/lib/action_dispatch/middleware/static.rb:126:in `call'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/rack-2.0.7/lib/rack/sendfile.rb:111:in `call'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/actionpack-6.0.0/lib/action_dispatch/middleware/host_authorization.rb:83:in `call'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/webpacker-4.0.7/lib/webpacker/dev_server_proxy.rb:29:in `perform_request'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/rack-proxy-0.6.5/lib/rack/proxy.rb:57:in `call'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/railties-6.0.0/lib/rails/engine.rb:526:in `call'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/puma-3.12.1/lib/puma/configuration.rb:227:in `call'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/puma-3.12.1/lib/puma/server.rb:660:in `handle_request'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/puma-3.12.1/lib/puma/server.rb:474:in `process_client'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/puma-3.12.1/lib/puma/server.rb:334:in `block in run'
/Users/linus/.asdf/installs/ruby/2.5.5/lib/ruby/gems/2.5.0/gems/puma-3.12.1/lib/puma/thread_pool.rb:135:in `block in spawn_thread'
It only happens if I pass the controller
param and the content type above.
System configuration
Rails version: 6.0.0 (and 5.x)
Ruby version: 2.5.5
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Comments: 16 (9 by maintainers)
I wrote a test locally and was able to reproduce. This was fixed by https://github.com/rails/rails/pull/40124 earlier today.
But this is not the issue, right? The Rails router should not work on user supplied POST data, but on the path.
Good call! I just tried this out myself on a Rails 5 app I have sitting around and I got these deprecation warnings:
So, yes you’re right, user-supplied
controller
should not be used in this situation at all. Sorry for the diversion!