diff options
| author | Darren Boyd <dboyd@tapiocamobile.com> | 2008-11-22 10:04:30 -0800 |
|---|---|---|
| committer | Michael Koziarski <michael@koziarski.com> | 2008-12-01 20:40:18 +0100 |
| commit | 0a4a5f3129a137fc357e8444a08b135f0ad4fbe8 (patch) | |
| tree | 876fdcd3bc5b8a92431dd82f74b20ace72c1c488 /actionpack/lib/action_controller/base.rb | |
| parent | 97403ad5fdfcdfb2110c6f8fd0ebf43b7afc4859 (diff) | |
| download | rails-0a4a5f3129a137fc357e8444a08b135f0ad4fbe8.tar.gz rails-0a4a5f3129a137fc357e8444a08b135f0ad4fbe8.tar.bz2 rails-0a4a5f3129a137fc357e8444a08b135f0ad4fbe8.zip | |
Making the IP Spoofing check in AbstractRequest#remote_ip configurable.
Certain groups of web proxies do not set these values properly. Notably,
proxies for cell phones, which often do not set the remote IP information
correctly (not surprisingly, since the clients do not have an IP address).
Allowing this to be configurable makes it possible for developers to choose
to ignore this simple spoofing check, when a significant amount of their
traffic would result in false positives anyway.
Signed-off-by: Michael Koziarski <michael@koziarski.com>
[#1200 state:committed]
Diffstat (limited to 'actionpack/lib/action_controller/base.rb')
| -rw-r--r-- | actionpack/lib/action_controller/base.rb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb index dca66ff0a5..c2f0c1c4f6 100644 --- a/actionpack/lib/action_controller/base.rb +++ b/actionpack/lib/action_controller/base.rb @@ -327,6 +327,10 @@ module ActionController #:nodoc: # sets it to <tt>:authenticity_token</tt> by default. cattr_accessor :request_forgery_protection_token + # Controls the IP Spoofing check when determining the remote IP. + @@ip_spoofing_check = true + cattr_accessor :ip_spoofing_check + # Indicates whether or not optimise the generated named # route helper methods cattr_accessor :optimise_named_routes |