Validates request.headers in your rails controller.
gem 'weak_headers'class ApplicationController < ActionController::Base
protect_from_forgery
rescue_from WeakHeaders::ValidationError do |e|
render json: { message: e.message }, status: 400
end
end
# WeakHeaders provides `header_validates` class method to define validations.
class AuthController < ApplicationController
header_validates :create do
requires 'X-App-Client-Id', except: ["token", "123456"]
optional :'X-App-Id', only: '1'
requires 'X-App-Client-Secret' do |value|
value =~ /\A\w{64}\z/
end
end
def create
auth = Application.authenticate(uid: request.headers['X-App-Client-Id'], secret: request.headers['X-App-Client-Secret'])
render json: { token: auth.token }
end
end- requires
- optional
- only
- except
- handler