diff options
| author | David Heinemeier Hansson <david@loudthinking.com> | 2006-03-16 03:31:40 +0000 |
|---|---|---|
| committer | David Heinemeier Hansson <david@loudthinking.com> | 2006-03-16 03:31:40 +0000 |
| commit | f7359342afbe3e654dfb0e78770493deba7342c9 (patch) | |
| tree | 4bcb40d9032591c31717e857bb3bf83e906a3643 | |
| parent | 3a7be80f4796eac74ea8c67e9d176358ea67673f (diff) | |
| download | rails-f7359342afbe3e654dfb0e78770493deba7342c9.tar.gz rails-f7359342afbe3e654dfb0e78770493deba7342c9.tar.bz2 rails-f7359342afbe3e654dfb0e78770493deba7342c9.zip | |
Added protection against proxy setups treating requests as local even when they're not #3898 [stephen_purcell@yahoo.com]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3892 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
| -rw-r--r-- | actionpack/CHANGELOG | 2 | ||||
| -rw-r--r-- | actionpack/lib/action_controller/rescue.rb | 2 |
2 files changed, 3 insertions, 1 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG index 3b63e4b44c..609cdf0bd5 100644 --- a/actionpack/CHANGELOG +++ b/actionpack/CHANGELOG @@ -1,5 +1,7 @@ *SVN* +* Added protection against proxy setups treating requests as local even when they're not #3898 [stephen_purcell@yahoo.com] + * Added TestRequest#raw_post that simulate raw_post from CgiRequest #3042 [francois.beausoleil@gmail.com] * Underscore dasherized keys in formatted requests [Jamis Buck] diff --git a/actionpack/lib/action_controller/rescue.rb b/actionpack/lib/action_controller/rescue.rb index 104823ebcc..d97a294964 100644 --- a/actionpack/lib/action_controller/rescue.rb +++ b/actionpack/lib/action_controller/rescue.rb @@ -60,7 +60,7 @@ module ActionController #:nodoc: # the remote IP being 127.0.0.1. For example, this could include the IP of the developer machine when debugging # remotely. def local_request? #:doc: - @request.remote_addr == "127.0.0.1" + [@request.remote_addr, @request.remote_ip] == ["127.0.0.1"] * 2 end # Renders a detailed diagnostics screen on action exceptions. |