Rails Middleware
September 15, 2021 in rails

Here’s a list of middleware Rails uses in a development environment. You can view the middleware by running the bin/rails middleware command from your application directory.

Rack::MiniProfiler

Displays speed badge for every HTML page. Designed to work both in production and in development.

ActionDispatch::HostAuthorization

Guards from DNS rebinding attacks by explicitly permitting the hosts a request can be sent to

Rack::Sendfile

Intercepts responses whose body is being served from a file and replaces it with a server specific X-Sendfile header. The web server is then responsible for writing the file contents to the client.

This can dramatically reduce the amount of work required by the Ruby backend and takes advantage of the web server’s optimized file delivery code.

ActionDispatch::Static

Serves static files from disk, if available. If no file is found, it hands off to the main app. In Rails apps, this middleware is configured to serve assets from the public directory.

ActionDispatch::Executor

Wraps requests with a supplied Executor. The Rails Executor separates application code from framework code. Any time the framework invokes your code, it will be wrapped by the executor.

The Executor consists of two callbacks: to_run and to_complete. The Run callback is called before the application code, and the Complete callback is called after.

ActiveSupport::Cache::Strategy::LocalCache::Middleware

Flushes memory based store used internally by Rails.cache

Rack::Runtime

Sets an “X-Runtime” response header, indicating the response time of the request, in seconds. You can put it right before the application to see the processing time, or before all the other middlewares to include time for them, too.

Rack::MethodOverride

HTML forms only support the GET and POST request. This middleware lets you override based on _method parameter, allowing you to use PUT or DELETE.

Makes a unique request id available to the action_dispatch.request_id env variable and sends the same id to the client via the X-Request-Id header.

ActionDispatch::RequestId

The unique request id is either based on the X-Request-Id header in the request, which would typically be generated by a firewall, load balancer, or the web server, or, if this header is not available, a random uuid.

The unique request id can be used to trace a request end-to-end and would typically end up being part of log files from multiple pieces of the stack.

ActionDispatch::RemoteIp

Calculates the IP address of the remote client that is making the request. Read more at: https://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/

Sprockets::Rails::QuietAssets

Suppresses logger output for asset requests.

Rails::Rack::Logger

Sets log tags, logs the request, calls the app, and flushes the logs.

ActionDispatch::ShowExceptions

This middleware rescues any exception returned by the application and calls an exceptions app that will wrap it in a format suitable for the the end-user.

WebConsole::Middleware

Sets up an interactive Ruby session in your browser.

ActionDispatch::DebugExceptions

Logs exceptions and shows a debugging page in case the request is local.

ActionDispatch::ActionableExceptions

Takes care of invoking actions from error page. Dispatches action to ActionableError and redirects back when action block has successfully run.

Source: https://www.bigbinary.com/blog/rails-6-adds-active-support-actionable-error

ActionDispatch::Reloader

Ensures any arriving HTTP request is served with a freshly-loaded copy of the application if there are any new code changes.

ActionDispatch::Callbacks

Provides callbacks to be executed before and after dispatching the request.

ActiveRecord::Migration::CheckPending

Verifies that all migrations have been run before loading a web page if config.active_record.migration_error is set to :page_load

ActionDispatch::Cookies

It reads and writes data to cookies through ActionController#cookies. When reading cookie data, the data is read from the HTTP request header, Cookie. When writing cookie data, the data is sent out in the HTTP response header, Set-Cookie.

ActionDispatch::Session::CookieStore

Stores the session in a cookie so it persists between requests. This cookie-based session store is the Rails default and it is dramatically faster than the alternatives.

ActionDispatch::Flash

Provides a way to pass temporary primitive-types (String, Array, Hash) between actions.

Anything you place in the flash will be exposed to the very next action and then cleared out. This is a great way of doing notices and alerts.

ActionDispatch::ContentSecurityPolicy::Middleware

Helps setting up the content-security-policy for your app, to guard against Cross-Site-Scripting attacks.

ActionDispatch::PermissionsPolicy::Middleware

Helps setting up the HTTP Permissions policy for defining a mechanism to allow and deny the use of browser permissions in its own context.

Rack::Head

Returns an empty body for all HEAD requests, leaving all other requests unchanged.

The HTTP HEAD method requests the headers that would be returned for a GET request with same URL. For example, if a URL might produce a large download, a HEAD request could read its Content-Length header to check the filesize without actually downloading the file.

Rack::ConditionalGet

Enables conditional GET using If-None-Match and If-Modified-Since. If response is the same as last request, it won’t send the last data again.

Rack::ETag

Automatically sets the ETag header on all String bodies.

Rack::TempfileReaper

Tracks and cleans the temporary files created throughout a request

Blog::Application.routes

Runs our application