Class: Dispatch::Rails::ReportingEndpointMiddleware

Inherits:

Object

• Object
• Dispatch::Rails::ReportingEndpointMiddleware

Defined in:

lib/dispatch/rails/reporting_endpoint_middleware.rb

Overview

Terminal Rack endpoint for the browser Reporting API. Point a CSP ‘report-uri`/`report-to` group (or any Reporting-Endpoints group) at config.reporting_endpoint_path and the browser POSTs its reports straight here — no host controller required. Each report becomes a synthetic exception pushed through Reporter.capture, so it lands as a first-class event with the usual sampling, before_send, and transport applied.

Opt-in (config.capture_browser_reports). When disabled — or for any request that isn’t a POST to the configured path — it passes straight through. When it does handle a request it answers 204 itself and never calls downstream, so the configured path must be one no host route uses.

Pick ONE CSP mechanism: this endpoint OR the JS securitypolicyviolation listener (config.capture_csp_violations). Enabling both, with report-uri aimed here, double-counts every violation.

Constant Summary

MAX_BODY_BYTES =

64_000

MAX_REPORTS =

50

Instance Method Summary

• #call(env) ⇒ Object
• #initialize(app) ⇒ ReportingEndpointMiddleware constructor

  A new instance of ReportingEndpointMiddleware.

Constructor Details

#initialize(app) ⇒ ReportingEndpointMiddleware

Returns a new instance of ReportingEndpointMiddleware.

# File 'lib/dispatch/rails/reporting_endpoint_middleware.rb', line 32

def initialize(app)
  @app = app
end

Instance Method Details

#call(env) ⇒ Object

# File 'lib/dispatch/rails/reporting_endpoint_middleware.rb', line 36

def call(env)
  config = Dispatch::Rails.configuration
  return @app.call(env) unless handles?(config, env)

  # @app.call above is deliberately OUTSIDE any rescue — a normal request's
  # exceptions must propagate to Rails' exception handling, never be
  # swallowed here. Only the report-handling path is rescued.
  handle_report(env)
end