aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_dispatch/http/request.rb
diff options
context:
space:
mode:
authorCarlhuda <carlhuda@engineyard.com>2010-03-03 16:22:30 -0800
committerCarl Lerche <carllerche@mac.com>2010-03-03 21:24:00 -0800
commit93422af5d5bc0285bd72cfb2fd9b59f6d64ba141 (patch)
tree10416ad8d3ba611fb8fcb7191decb7580f126db2 /actionpack/lib/action_dispatch/http/request.rb
parent9a9caf646d020e33ccdeac0f9b114acec019b599 (diff)
downloadrails-93422af5d5bc0285bd72cfb2fd9b59f6d64ba141.tar.gz
rails-93422af5d5bc0285bd72cfb2fd9b59f6d64ba141.tar.bz2
rails-93422af5d5bc0285bd72cfb2fd9b59f6d64ba141.zip
Move remote_ip to a middleware:
* ActionController::Base.ip_spoofing_check deprecated => config.action_dispatch.ip_spoofing_check * ActionController::Base.trusted_proxies deprecated => config.action_dispatch.trusted_proxies
Diffstat (limited to 'actionpack/lib/action_dispatch/http/request.rb')
-rwxr-xr-xactionpack/lib/action_dispatch/http/request.rb31
1 files changed, 1 insertions, 30 deletions
diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb
index 7a17023ed2..56a2b9bf6a 100755
--- a/actionpack/lib/action_dispatch/http/request.rb
+++ b/actionpack/lib/action_dispatch/http/request.rb
@@ -119,36 +119,7 @@ module ActionDispatch
# delimited list in the case of multiple chained proxies; the last
# address which is not trusted is the originating IP.
def remote_ip
- remote_addr_list = @env['REMOTE_ADDR'] && @env['REMOTE_ADDR'].scan(/[^,\s]+/)
-
- unless remote_addr_list.blank?
- not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES || addr =~ ActionController::Base.trusted_proxies}
- return not_trusted_addrs.first unless not_trusted_addrs.empty?
- end
- remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',')
-
- if @env.include? 'HTTP_CLIENT_IP'
- if ActionController::Base.ip_spoofing_check && remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP'])
- # We don't know which came from the proxy, and which from the user
- raise ActionController::ActionControllerError.new <<EOM
-IP spoofing attack?!
-HTTP_CLIENT_IP=#{@env['HTTP_CLIENT_IP'].inspect}
-HTTP_X_FORWARDED_FOR=#{@env['HTTP_X_FORWARDED_FOR'].inspect}
-EOM
- end
-
- return @env['HTTP_CLIENT_IP']
- end
-
- if remote_ips
- while remote_ips.size > 1 && (TRUSTED_PROXIES =~ remote_ips.last.strip || ActionController::Base.trusted_proxies =~ remote_ips.last.strip)
- remote_ips.pop
- end
-
- return remote_ips.last.strip
- end
-
- @env['REMOTE_ADDR']
+ (@env["action_dispatch.remote_ip"] || ip).to_s
end
# Returns the lowercase name of the HTTP server software.
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-16 14:39:04 +0000