header variables go missing in production

Question

I'm running Rails 3.1 with PhusionPassenger and NGINX in the back. I'm sending requests via a simple HttpClient (GrahpicalHttpClient for OS X). My code expects a token and an ID in the header to verify the authenticity of the caller. In developement mode this is no problem, but once I move it into production the header variables go missing. Nothing is displayed.

Here is the code:

@caller = Person.check_authentication_token(request.headers['person_id'], request.headers['authentication_token'])

The method check_authentication_token returns nil if either variable is nil. As I said, this works fine in development but the request.headers['person_id'] and request.headers['authentication_token'] are both nil in production. Has anyone else seen this issue before?

jqr · Accepted Answer · 2016-01-22T18:43:45.883

15

Nginx defaults to considering underscores in request headers invalid and subsequently removes them, see http://wiki.nginx.org/HttpCoreModule#underscores_in_headers for how to fix this.

edited Jan 22 '16 at 18:43

answered Jun 28 '11 at 04:03

jqr

654
6
11

1

Also happens with Apache. http://stackoverflow.com/questions/22856136/why-underscores-are-forbidden-in-http-header-names – Axel Zehden Jan 21 '16 at 16:09
1

Saved my life. I was going crazy due to SOME headers showing up and some not (the ones with underscores) – Augusto Samamé Barrientos Jan 18 '17 at 21:41

header variables go missing in production

1 Answers1

Linked