When testing webhooks integration using ngrok on a new Rails 6 app, I couldn't figure out why 403 response were returned in ngrok, and nothing was logged in the server logs. I ended up learning about the new HostAuthorization middleware included in Rails 6 and the need for specifying hosts in the app config when different from localhost.
In some cases where you don't have access to html/text response from the server, like the one I experienced, I think it would be good to log it using the Rails.logger. HostAuthorization calls a default response app when host is not whitelisted <https://github.com/rails/rails/blob/98a57aa5f610bc66af31af409c72173cdeeb3c9e/actionpack/lib/action_dispatch/middleware/host_authorization.rb>, logging could happen there: DEFAULT_RESPONSE_APP = -> env do request = Request.new(env) format = request.xhr? ? "text/plain" : "text/html" template = DebugView.new(host: request.host) body = template.render(template: "rescues/blocked_host", layout: "rescues/layout") # Logging details about the reason of the 403 Rails.logger.error("Host host.com not included in host lists. Please add it to your config") [403, { "Content-Type" => "#{format}; charset=#{Response.default_charset}", "Content-Length" => body.bytesize.to_s, }, [body]] end Interested in feedback from the community! -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-core+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-core/f2075b94-482d-4f65-99cb-47a062933d19%40googlegroups.com.
