From 654df86b7b022085785a64c431c45d8450d5e987 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Valim?= <jose.valim@gmail.com>
Date: Fri, 16 Dec 2011 10:38:17 +0100
Subject: [PATCH] Show detailed exceptions no longer returns true if the
 request is local in production.

---
 actionpack/CHANGELOG.md                                |  4 ++--
 actionpack/lib/action_controller/metal/rescue.rb       | 10 +++++++++-
 .../test/controller/new_base/render_template_test.rb   |  6 ++++++
 actionpack/test/controller/show_exceptions_test.rb     |  6 +++++-
 .../test/application/middleware/exceptions_test.rb     |  1 +
 5 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index da18060202..c7cf9a8203 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -68,9 +68,9 @@
           <%= f.text_field :version %>
         <% end %>
 
-*   Refactor ActionDispatch::ShowExceptions. Controller is responsible for choosing to show exceptions when `consider_all_requests_local` is false. *Sergey Nartimov*
+*   Refactor ActionDispatch::ShowExceptions. The controller is responsible for choosing to show exceptions when `consider_all_requests_local` is false.
 
-    It's possible to override `show_detailed_exceptions?` in controllers to specify which requests should provide debugging information on errors.
+    It's possible to override `show_detailed_exceptions?` in controllers to specify which requests should provide debugging information on errors. The default value is now false, meaning local requests in production will no longer show the detailed exceptions page unless `show_detailed_exceptions?` is overridden and set to `request.local?`.
 
 *   Responders now return 204 No Content for API requests without a response body (as in the new scaffold) *José Valim*
 
diff --git a/actionpack/lib/action_controller/metal/rescue.rb b/actionpack/lib/action_controller/metal/rescue.rb
index c4b056ebc0..68cc9a9c9b 100644
--- a/actionpack/lib/action_controller/metal/rescue.rb
+++ b/actionpack/lib/action_controller/metal/rescue.rb
@@ -1,4 +1,7 @@
 module ActionController #:nodoc:
+  # This module is responsible to provide `rescue_from` helpers
+  # to controllers and configure when detailed exceptions must be
+  # shown.
   module Rescue
     extend ActiveSupport::Concern
     include ActiveSupport::Rescuable
@@ -12,8 +15,13 @@ def rescue_with_handler(exception)
       super(exception)
     end
 
+    # Override this method if you want to customize when detailed
+    # exceptions must be shown. This method is only called when
+    # consider_all_requests_local is false. By default, it returns
+    # false, but someone may set it to `request.local?` so local
+    # requests in production still shows the detailed exception pages.
     def show_detailed_exceptions?
-      request.local?
+      false
     end
 
     private
diff --git a/actionpack/test/controller/new_base/render_template_test.rb b/actionpack/test/controller/new_base/render_template_test.rb
index ba804421da..ade204c387 100644
--- a/actionpack/test/controller/new_base/render_template_test.rb
+++ b/actionpack/test/controller/new_base/render_template_test.rb
@@ -59,6 +59,12 @@ def with_implicit_raw
     def with_error
       render :template => "test/with_error"
     end
+
+    private
+
+    def show_detailed_exceptions?
+      request.local?
+    end
   end
 
   class TestWithoutLayout < Rack::TestCase
diff --git a/actionpack/test/controller/show_exceptions_test.rb b/actionpack/test/controller/show_exceptions_test.rb
index ba78559f31..13ab19ed8f 100644
--- a/actionpack/test/controller/show_exceptions_test.rb
+++ b/actionpack/test/controller/show_exceptions_test.rb
@@ -16,6 +16,10 @@ def boom
     def another_boom
       raise 'boom!'
     end
+
+    def show_detailed_exceptions?
+      request.local?
+    end
   end
 
   class ShowExceptionsTest < ActionDispatch::IntegrationTest
@@ -26,7 +30,7 @@ class ShowExceptionsTest < ActionDispatch::IntegrationTest
       assert_equal "500 error fixture\n", body
     end
 
-    test 'show diagnostics from a local ip' do
+    test 'show diagnostics from a local ip if show_detailed_exceptions? is set to request.local?' do
       @app = ShowExceptionsController.action(:boom)
       ['127.0.0.1', '127.0.0.127', '::1', '0:0:0:0:0:0:0:1', '0:0:0:0:0:0:0:1%0'].each do |ip_address|
         self.remote_addr = ip_address
diff --git a/railties/test/application/middleware/exceptions_test.rb b/railties/test/application/middleware/exceptions_test.rb
index 6819e3e2e2..a9cde42be8 100644
--- a/railties/test/application/middleware/exceptions_test.rb
+++ b/railties/test/application/middleware/exceptions_test.rb
@@ -88,6 +88,7 @@ def call(env)
 
     test "displays diagnostics message when exception raised in template that contains UTF-8" do
       app.config.action_dispatch.show_exceptions = true
+      app.config.consider_all_requests_local = true
 
       controller :foo, <<-RUBY
         class FooController < ActionController::Base
-- 
GitLab