diff options
| author | Andre Arko <andre@arko.net> | 2013-01-02 15:34:27 -0800 |
|---|---|---|
| committer | Andre Arko <andre@arko.net> | 2013-01-02 15:34:27 -0800 |
| commit | cc5a4bb4df2390cb57d5a295a4f4a51572012268 (patch) | |
| tree | e6f6bf5432487ed4f8c3c0b42ca48cca8716b51e /actionpack | |
| parent | c79fb2ac8f7951a2f178413dbbfdeb4d015afacf (diff) | |
| download | rails-cc5a4bb4df2390cb57d5a295a4f4a51572012268.tar.gz rails-cc5a4bb4df2390cb57d5a295a4f4a51572012268.tar.bz2 rails-cc5a4bb4df2390cb57d5a295a4f4a51572012268.zip | |
Explain the possible precautions
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/lib/action_dispatch/middleware/remote_ip.rb | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/remote_ip.rb b/actionpack/lib/action_dispatch/middleware/remote_ip.rb index ad5e1993aa..4e36c9bb49 100644 --- a/actionpack/lib/action_dispatch/middleware/remote_ip.rb +++ b/actionpack/lib/action_dispatch/middleware/remote_ip.rb @@ -17,9 +17,10 @@ module ActionDispatch # IF YOU DON'T USE A PROXY, THIS MAKES YOU VULNERABLE TO IP SPOOFING. # This middleware assumes that there is at least one proxy sitting around # and setting headers with the client's remote IP address. If you don't use - # a proxy, because you are hosted on e.g. Heroku, any client can claim to - # have any IP address by setting the X-Forwarded-For header. If you care - # about that, please take precautions. + # a proxy, because you are hosted on e.g. Heroku without SSL, any client can + # claim to have any IP address by setting the X-Forwarded-For header. If you + # care about that, then you need to explicitly drop or ignore those headers + # sometime before this middleware runs. class RemoteIp class IpSpoofAttackError < StandardError; end |