Accessing custom header variables in Ruby on Rails

Question

After reading the following question (Authorization header in Ruby on Rails accessed with key HTTP_AUTHORIZATION instead of Authorization?) I have a similar problem as the OP, but the proposed answer does not seem to solve mine.

I define a custom header as such in a call to my locally hosted server (through Postman):

@Igor: I actually use Postman, so I just added the curl code to demonstrate what I did. I guess it would be better to include a screenshot:

enter image description here

And this is the code in my controller which tries to read said header:

def authenticate_through_header
  custom_header_value = request.headers['custom_header']
end

However, this return nil. On the other hand, request.headers['HTTP_CUSTOM_HEADER'] returns the value. According to the question I linked to initially, I should be able to get the value through passing the name within the brackets [ ] - is this something which has been changed in newer Rails versions?

Cheers :-)

Update: It also works to access the variable in the following way: request.headers['custom-header']. So apparently it works to replace the underscore with a hyphen, which seems weird.

Do the same way: http://stackoverflow.com/questions/356705/how-to-send-a-header-using-a-http-request-through-a-curl-call e.g. curl -H — Igor Kasyanchuk, Nov 14 '13 at 08:05

Harsh Gupta · Accepted Answer · 2016-02-09T07:12:25.883

44

Yes, it has changed in Rails 4. Take a look at the Http::Headers code.

Now custom variables are always prepended with HTTP_ and ~~_ in your variables are replaced with -~~, except for CGI variables.

HTH

EDIT: Just checked again, - in variables are getting replaced with _ and being prepended with HTTP_. In above link, check line number 91-94:

key = key.upcase.tr('-', '_')

edited Feb 09 '16 at 07:12

answered Nov 14 '13 at 08:06

Harsh Gupta

4,348
2
25
30

5

It's so weird :( Is there any reason why Rails has to do this? – Blue Smith Apr 11 '14 at 06:43
ahh.. wasted half hour and then found this. thanks ! – rtdp Jun 12 '14 at 10:19
1

Does anybody know why rails is doing this starting in v4? It seems to me based on a quick search that "X-My-Header" is the commonly accepted header convention. Why break it? – Jeff Holliday Jan 22 '15 at 01:11
8

Also be aware that nginx, by default, blockers headers with underscores in them. – toxaq Mar 08 '15 at 04:47

score 0 · Answer 2 · answered Feb 18 '23 at 17:51

The answer is right, but I thought I'd add a note for people struggling with this.

If you binding.pry into your Rails controller, you can use

request.headers.to_h

This will get you a complete list of all of the headers. This makes it easier to track down that, for example, your header authentication_token has been translated into HTTP_AUTHENTICATION_TOKEN.

Accessing custom header variables in Ruby on Rails

2 Answers2

Linked