Patrik Ragnarsson

Results 771 comments of Patrik Ragnarsson

This protection/validation exists in Rails as the [`HostAuthorization` middleware](https://github.com/rails/rails/blob/v7.1.3.3/actionpack/lib/action_dispatch/middleware/host_authorization.rb) ([docs](https://guides.rubyonrails.org/configuring.html#actiondispatch-hostauthorization), [past security issues](https://groups.google.com/g/rubyonrails-security/search?q=Open%20Redirect)). Are we talking about adding the same to either Rack or Puma (and other servers)? Adding it...

> I guess we need to spend some time fixing these issues.

I did 😄

I'll just note that I can still reproduce with amqp-client.js v3.0.0 (on both RabbitMQ 3.9.16 used in the example here and RabbitMQ 3.12.1).

This would also solve issues like https://github.com/enkessler/childprocess/issues/186? With this branch, I was able to use `childprocess` in the docker image `ghcr.io/graalvm/truffleruby-community:23.1.0-debian` on my Apple silicon Mac where `CHILDPROCESS_POSIX_SPAWN` didn't get...

I found a difference between this PR and the latest release: keys in the environment hash now need to be strings. From `docker run -it --rm -v $(pwd):/app -w /app...

Actually, that might not be a difference between this PR and the latest release. It is just that this PR is the only way for me to use `childprocess` with...

> I suspect the error above happens with the latest release and `CHILDPROCESS_POSIX_SPAWN`.

No, works fine

```
$ docker run --rm -it -v $(pwd):/app -w /app ruby:3.2.2 bash
root@da4ec93e9332:/app# CHILDPROCESS_POSIX_SPAWN=1...
```

> I suspect the error above happens with the latest release and `CHILDPROCESS_POSIX_SPAWN`

It doesn't blow up, but childprocess 4.1.0 has a similar problem with `CHILDPROCESS_POSIX_SPAWN` on TruffleRuby/JRuby, if you...

> It doesn't blow up, but childprocess 4.1.0 has a similar problem with `CHILDPROCESS_POSIX_SPAWN` on TruffleRuby/JRuby, if you pass symbol keys in the env, they won't be used if the...

Let's Encrypt recently flipped the defaults again (https://letsencrypt.org/2023/07/10/cross-sign-expiration.html) so this is no longer needed. The `lambda` suggestion above would have been a more robust solution, but oh well, hopefully this...