Rails 6 ActionMailer previews and http basic authentication

Question

I have the following ActionMailer configuration in production.rb:

  unless ENV['APP_NAME'] == 'application-production'
    config.action_mailer.preview_path = Rails.root.join('test/mailers/previews')
    config.action_mailer.show_previews = true
  end

The problem is, non-production apps, such as the staging app, should have http authentication for the whole domain, including the mailer preview path '/rails/mailers' which is now accessible without auth. What's the missing configuration?

EDIT: I tried adding an initializer as per this answer: https://stackoverflow.com/a/44923157/2116456. I would like to use ActionController::Base.http_basic_authenticate_with in the initializer, but it's not available

score 2 · Answer 1 · answered Mar 30 '20 at 17:49

Okay, I found a way to do what I needed:

I set up an initializer: 'initializers/mailer_previews.rb' with the following:

if Rails.application.config.action_mailer.show_previews
  Rails::MailersController.prepend_before_action do
    head :forbidden unless authenticate_or_request_with_http_basic('Plz login') do |username, password|
      username == ENV['AUTH_NAME'] && password == ENV['AUTH_PASSWORD']
    end
  end
end

Thanks to @prcu for pointing me in the right direction (see this post)

Rails 6 ActionMailer previews and http basic authentication

1 Answers1