author Rafael Mendonça França <rafaelmfranca@gmail.com> 2013-01-02 15:37:02 -0800
committer Rafael Mendonça França <rafaelmfranca@gmail.com> 2013-01-02 15:37:02 -0800
commit c9d8481bebe55d8073256391e4f828cb2c8c3849
tree e6f6bf5432487ed4f8c3c0b42ca48cca8716b51e
parent c79fb2ac8f7951a2f178413dbbfdeb4d015afacf
parent cc5a4bb4df2390cb57d5a295a4f4a51572012268
Merge pull request #8706 from steveklabnik/ip_precautions
Explain the possible IP precautions
-rw-r--r-- actionpack/lib/action_dispatch/middleware/remote_ip.rb | 7
1 files changed, 4 insertions, 3 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/remote_ip.rb b/actionpack/lib/action_dispatch/middleware/remote_ip.rb
index ad5e1993aa..4e36c9bb49 100644
--- a/actionpack/lib/action_dispatch/middleware/remote_ip.rb
+++ b/actionpack/lib/action_dispatch/middleware/remote_ip.rb
@@ -17,9 +17,10 @@ module ActionDispatch
# IF YOU DON'T USE A PROXY, THIS MAKES YOU VULNERABLE TO IP SPOOFING.
# This middleware assumes that there is at least one proxy sitting around
# and setting headers with the client's remote IP address. If you don't use
- # a proxy, because you are hosted on e.g. Heroku, any client can claim to
- # have any IP address by setting the X-Forwarded-For header. If you care
- # about that, please take precautions.
+ # a proxy, because you are hosted on e.g. Heroku without SSL, any client can
+ # claim to have any IP address by setting the X-Forwarded-For header. If you
+ # care about that, then you need to explicitly drop or ignore those headers
+ # sometime before this middleware runs.
class RemoteIp
class IpSpoofAttackError < StandardError; end
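Review bot: the added sentence "you need to explicitly drop or ignore those headers sometime before this middleware runs" refers to "those headers" although the comment names only X-Forwarded-For, and "sometime before" does not tell the reader where the stripping has to happen. Suggest listing each header this middleware trusts and saying that they must be removed by a layer ahead of RemoteIp in the request path. The new qualifier "Heroku without SSL" is also unexplained: the comment gives no reason why SSL changes whether the header can be trusted, so either state that reason in one clause or drop the qualifier. As worded, "If you don't use a proxy, because you are hosted on e.g. Heroku without SSL" also reads as if the hosting choice causes the absence of a proxy; rephrasing it as an example ("for instance when hosted on ...") would avoid that.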