Upgraded Rails to 6, getting Blocked host Error
Ruby on-RailsCloud9Ruby on-Rails-6Ruby on-Rails Problem Overview
I needed the new function in ActiveStorage to resize_to_fill so I upgraded to Ruby 2.5.1 and Rails 6.
ruby '2.5.1'
gem "rails", github: "rails/rails"
When I stopped, then started my server (Cloud 9), I received the Rails error:
Blocked host: xxxxxxx-xxxxxxx.c9users.io To allow requests to xxxxxxx-xxxxxxx.c9users.io, add the following configuration:
Rails.application.config.hosts << "xxxxxxx-xxxxxxx.c9users.io"
I've tried restarting, new windows, but nothing gets rid of this. I've never seen this error before. I'm guessing the new version of Rails is doing something?
Ruby on-Rails Solutions
Solution 1 - Ruby on-Rails
The Blocked Host is a new feature of Rails 6. You can add this pattern to your config/environments/development.rb
to have no worries of that in case of dynamic urls
config.hosts << /[a-z0-9]+\.c9users\.io/
Also for ngrok user, just replace above c9users
by ngrok
Update: ngrok is currently using -
in their URLs so this should be accurate config.hosts << /[a-z0-9-]+\.ngrok\.io/
Solution 2 - Ruby on-Rails
If you want to disable this functionality on your development environment, you can add config.hosts.clear
to config/environments/development.rb
.
Solution 3 - Ruby on-Rails
Simple solution:
Add this line to config/environments/development.rb
config.hosts << /[a-z0-9-]+\.ngrok\.io/
Restart your rails server and it will work
UPDATE
If you successfully used this regex in the past and it stopped working, that's because in the past few months, ngrok URLs started using -
characters. The regex above has one additional character, and must be used in place of the old (very similar regex).
E.g. This works
config.hosts << /[a-z0-9-]+\.ngrok\.io/ # allows dashes
this will not work
config.hosts << /[a-z0-9]+\.ngrok\.io/ # subtly different and won't allow dashes
Make sure you're using the regex that does allow dashes!
Solution 4 - Ruby on-Rails
This article worked for me:
-
The first option is to whitelist the hostnames in
config/environments/development.rb
:Rails.application.configure do config.hosts << "hostname" # Whitelist one hostname config.hosts << /application\.local\Z/ # Whitelist a test domain end
-
The second option is to clear the entire whitelist, which lets through requests for all hostnames:
Rails.application.configure do config.hosts.clear end
Credit goes to Manfred Stienstra.
Solution 5 - Ruby on-Rails
I added Rails.application.config.hosts << "xxxxxxx-xxxxxxx.c9users.io"
to config/application.rb
and it fixed my test app fine. Then I did it to my real app and it also worked. The problem is, Devise threw an error as well, which apparently won't be fixed until at least Rails 6 beta. I guess I'm going back to Carrierwave
for my image sizing needs until ActiveStorage
is more mature.
Solution 6 - Ruby on-Rails
To allow requests from any subdomain of ngrok.io
(or other service), the simplest solution is to prepend it with .
like so:
# config/environments/development.rb
Rails.application.configure do
...
config.hosts << '.ngrok.io'
end
No need to use a regexp for subdomains like mentioned in some other answers.
PS: don't disable this functionality by doing config.hosts.clear
as mentioned in some other answers, as this defeats the purpose of Rails' DNS rebinding protection, and under the right circumstances an outside attacker could gain full access to your local Rails app information (source).
Solution 7 - Ruby on-Rails
In Rails 6
, when you want to allow host from ngrok v2.3.40
, add this config into config/environments/development.rb
config.hosts << /[a-z0-9\-]+\.ap\.ngrok\.io/
Restart server and enjoy
Solution 8 - Ruby on-Rails
Add this line to config/environments/development.rb
config.hosts << /.+\.ngrok\.io:\d+/
Most of the responses I see are missing the port part of the URL. If you are accessing this URL in a specific port (typically :3000
) the :\d+
part of the regular expression is necessary.
It will work after restarting your server.
Solution 9 - Ruby on-Rails
In Rails 6 Action Pack introduced ActionDispatch::HostAuthorization and by default allows only [IPAddr.new(“0.0.0.0/0”), IPAddr.new(“::/0”), “localhost”]
You can add arrays of RegExp, Proc, IPAddr and String or a single String in the file config/application.rb like this
class Application < Rails::Application
config.hosts << "xxxxxxx-xxxxxxx.c9users.io"
...
end
From "https://drivy.engineering/rails-6-unnoticed-features";:
> Rails 6 added a new middleware called > ActionDispatch::HostAuthorization allowing you to whitelist some hosts > for your application and preventing Host header attacks. You can > easily configure it with a String, IPAddr, Proc and RegExp (useful > when dealing with wildcard domains).
Solution 10 - Ruby on-Rails
HEADS UP : You may whitelist your host with the config application.config.hosts << 'your_unvalid_host_name'
but still have the error.
The error message is currently not accurate in this case. See this issue.
You should not use hostname with underscore.
NB: The application.config.hosts.clear
is working in this case.
Solution 11 - Ruby on-Rails
In order to support hyphens in the ngrok subdomain name and region, you need to change config/environments/development.rb
change config.hosts
to /[a-z0-9.-]+.ngrok.io/
Example:
config.hosts = (config.hosts rescue []) << /[a-z0-9.-]+.ngrok.io/
Solution 12 - Ruby on-Rails
config.hosts = nil
Use this in development.rb
and and restart your rails server, it works for me, it will work.
Solution 13 - Ruby on-Rails
1st run the ngrok 3000 in one of the terminals and next open the new terminal and run rails s... then u can see now ngrok and rails s both can run simultaneously...