Restrict configuration sources to ENV and YAML#72
Open
palkan wants to merge 2 commits into
Open
Conversation
Specify possible configuration sources explicitly to avoid triggering HTTP-backed Anyway loaders (e.g., Doppler or custom) that could cause recursion due to HTTP patches and, thus, crash due to the stack limit
palkan
commented
Jun 24, 2025
|
|
||
| # Only load configuration from static sources; prevent from trying to load | ||
| # from network sources, such as Doppler, to avoid recursion errors | ||
| self.configuration_sources = %i[env yml] if respond_to?(:configuration_sources) |
Contributor
Author
There was a problem hiding this comment.
Only use this configuration if supported; so, no requirement on upgrading the anyway_config gem
geoffharcourt
approved these changes
Jun 25, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Context
Recently, we found an issue with the combination of Sniffer, Anyway Config, and Doppler: a max call stack error occurs when we have an HTTP-backed configuration source available for Anyway Config.
Sniffer tries to load the configuration, and while it's still being loaded, we perform an HTTP request, which in its turn again tries to initializes the configuration—and the loop continues 'till it hits the max stack error.
Solution
We can limit the configuration sources for Sniffer to ENV and YAML. Those are safe to use (well, unless someone adds an HTTP call to YAML via ERB 😁).
Since we never mentioned that Sniffer can be configured in any way, keeping just ENV and YAML should be a good compromise.
Alternative solutions
I also considered making the config initialization two-phased: first, allocation and saving the
@configvariable, then doing the actual load (once). It's a bit more tricky because it would require to deal with the Anyway internals (we invoke#loadright in the#initialize—not good) and handle the in-the-middle-of-loading state. Still worth exploring though.Misc changes
Fixed some RuboCop issues.
Backporting
For those hitting the issue and waiting for a new release, the following snippet should help (make sure you use
anyway_config>= 2.8.0):