diff options
| author | Andre Arko <andre@arko.net> | 2013-01-02 15:21:13 -0800 |
|---|---|---|
| committer | Andre Arko <andre@arko.net> | 2013-01-02 15:26:27 -0800 |
| commit | 75dcdbc84e53cd824c4f1c3e4cb82c40f27010c8 (patch) | |
| tree | 255a7267c3679a0d8f4ec7ffdb01505858819448 /railties/test/application/middleware | |
| parent | 9f200fb296da721d50af53712d1e7998a5140e76 (diff) | |
| download | rails-75dcdbc84e53cd824c4f1c3e4cb82c40f27010c8.tar.gz rails-75dcdbc84e53cd824c4f1c3e4cb82c40f27010c8.tar.bz2 rails-75dcdbc84e53cd824c4f1c3e4cb82c40f27010c8.zip | |
Restore original remote_ip algorithm.
Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We
remove trusted IP values, and then take the last given value, assuming that
it is the most likely to be the correct, unfaked value. See [1] for a very
thorough discussion of why that is the best option we have at the moment.
[1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/
Fixes #7979
Diffstat (limited to 'railties/test/application/middleware')
| -rw-r--r-- | railties/test/application/middleware/remote_ip_test.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/railties/test/application/middleware/remote_ip_test.rb b/railties/test/application/middleware/remote_ip_test.rb index fde13eeb94..f0d3438aa4 100644 --- a/railties/test/application/middleware/remote_ip_test.rb +++ b/railties/test/application/middleware/remote_ip_test.rb @@ -40,7 +40,7 @@ module ApplicationTests end assert_nothing_raised(ActionDispatch::RemoteIp::IpSpoofAttackError) do - assert_equal "1.1.1.2", remote_ip("HTTP_X_FORWARDED_FOR" => "1.1.1.1", "HTTP_CLIENT_IP" => "1.1.1.2") + assert_equal "1.1.1.1", remote_ip("HTTP_X_FORWARDED_FOR" => "1.1.1.1", "HTTP_CLIENT_IP" => "1.1.1.2") end end |