split icon indicating copy to clipboard operation
split copied to clipboard
verified publisher icon splitrb

Sinatra host authorization

Open matiaskorhonen opened this issue 9 months ago • 0 comments

Describe the bug

Sinatra 4.1.0 adds host authorization by default in development mode.

This means that if you use a non-default domain in development, you'll get a ‘Host not permitted’ error when trying to visit the Split dashboard.

  • https://github.com/sinatra/sinatra/blob/main/CHANGELOG.md#410--2024-11-18
  • https://github.com/sinatra/sinatra/pull/2053

To Reproduce

Steps to reproduce the behavior:

  1. Configure Split and mount the dashboard as usual (make sure that Sinatra >= 4.1.0 gets installed)
  2. Add a custom domain to the permitted hosts in Rails (for example config.hosts << "127.0.0.1.nip.io:3000")
  3. Visit 127.0.0.1.nip.io:3000/split
  4. You should see a Host not permitted error

Expected behavior

The host authorization middleware should probably be configurable through the Split configuration.

Additional context

This monkey patch is a workaround for the moment:

require 'split/dashboard'

class Split::Dashboard
  set :host_authorization, { permitted_hosts: ["127.0.0.1.nip.io"] }
end

matiaskorhonen avatar Apr 04 '25 06:04 matiaskorhonen