These are chat archives for padrino/padrino-framework

24th
Aug 2017
Jorge Fuertes
@jorgefuertes
Aug 24 2017 10:24
Hi, talking about Rack::Protection::AuthenticityToken... When its raised I get a "Forbbiden" error page but not my 403 error page which is defined in the app.rb. I think the error is thrown by Rack and it doesn't raise a sinatra boom. How can I catch it and show my custom page?
Josh LeBlanc
@HorizonShadow
Aug 24 2017 11:28
I'm pretty sure that's intended
Jorge Fuertes
@jorgefuertes
Aug 24 2017 11:46
Maybe but I need to react to that, for example, an update and sessions flushed, the login page its open from before and user gets this Forbidden error. I want to show a page with a try to login again, or maybe a redirect to the login from with a flash notice.
padrinobot
@padrinobot
Aug 24 2017 11:53
wikimatz1 Hi Jorge
wikimatz1 There is a reason for this ...
wikimatz1 I found rack-protection and nginx post: https://sourcediver.org/blog/2015/07/01/rack-protection-and-nginx/
wikimatz1 To get arround with this, you have to change the settings in your webserver
Jorge Fuertes
@jorgefuertes
Aug 24 2017 15:19
taking a read of that @wikimatz1, thanks!
Jorge Fuertes
@jorgefuertes
Aug 24 2017 15:25
Hummm... no @wikimatz1, nothing to do with my problem. My nginx configuration its working like a charm and the problem happens even in local, with just a puma in the 9292. Please listen, the CRSF protection is working properly, just I want to render my own 403 app's error page instead of the Rack string "Forbidden". If I raise a 403 by myself, that's not a problem, my "error 403 do" page is displayed, but when its a AuthenticityToken, no, it isn't.
So, my trouble is not with the token mechanism, it works well.
padrinobot
@padrinobot
Aug 24 2017 15:40
wikimatz1 Thanks for letting me know
wikimatz1 maybe this could be something for you
wikimatz1 if not, please post your app
wikimatz1 so that we can help
Jorge Fuertes
@jorgefuertes
Aug 24 2017 16:36
@padrinobot No... that's not the way. The problem is how to catch the Rack::Protection error. I have a block for the 403 error, but this error is processed out of it, somewhere in Rack, or padrino internals.