author: Andre Arko <andre@arko.net> 2013-01-02 15:21:13 -0800
committer: Andre Arko <andre@arko.net> 2013-01-02 15:26:27 -0800
commit: 75dcdbc84e53cd824c4f1c3e4cb82c40f27010c8
tree: 255a7267c3679a0d8f4ec7ffdb01505858819448 /railties/test
parent: 9f200fb296da721d50af53712d1e7998a5140e76
Restore original remote_ip algorithm.

Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We remove trusted IP values, and then take the last given value, assuming that it is the most likely to be the correct, unfaked value. See [1] for a very thorough discussion of why that is the best option we have at the moment.

[1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/

Fixes #7979
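
The selection rule the commit message describes (drop trusted proxy addresses, then take the last remaining value), as an added example that is not code from this commit or from Rails. The `TRUSTED_PROXIES` list, the helper names and the sample headers are assumptions, and the example goes one step further than the message by appending the socket peer address to the chain before filtering.

```ruby
require 'ipaddr'

# Constructed trusted-proxy ranges (loopback and private space); an assumption
# of this example, not a list taken from the page.
TRUSTED_PROXIES = %w[127.0.0.0/8 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16]
                  .map { |cidr| IPAddr.new(cidr) }.freeze

# Hypothetical helper: one header entry to an IPAddr, nil for junk such as
# "unknown", empty entries, or CIDR-style values.
def parse_ip(text)
  entry = text.to_s.strip
  return nil if entry.empty? || entry.include?('/')
  IPAddr.new(entry)
rescue ArgumentError # IPAddr's parse errors derive from ArgumentError
  nil
end

def trusted?(ip)
  TRUSTED_PROXIES.any? { |range| range.family == ip.family && range.include?(ip) }
end

# Hypothetical function. Each proxy appends the peer it saw on the right of
# X-Forwarded-For, so entries to the left of the last untrusted hop are
# client-supplied and forgeable.
def client_ip_from(x_forwarded_for, remote_addr)
  hops = x_forwarded_for.to_s.split(',').map { |e| parse_ip(e) }
  hops << parse_ip(remote_addr)
  untrusted = hops.compact.reject { |ip| trusted?(ip) }
  untrusted.empty? ? remote_addr : untrusted.last.to_s
end

# Constructed request: the client forged the first entry, the edge proxy
# appended the real peer (203.0.113.7), an internal proxy appended the edge.
forged = '198.51.100.99, 203.0.113.7, 10.0.0.5'
puts client_ip_from(forged, '10.0.0.1')
puts client_ip_from('10.9.9.9', '203.0.113.50')
```

Taking the first entry instead would return the forged `198.51.100.99`; a header sent by a peer outside the trusted ranges is ignored entirely.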
Diffstat (limited to 'railties/test')
-rw-r--r-- railties/test/application/middleware/remote_ip_test.rb 2
1 files changed, 1 insertions, 1 deletions
diff --git a/railties/test/application/middleware/remote_ip_test.rb b/railties/test/application/middleware/remote_ip_test.rb
index fde13eeb94..f0d3438aa4 100644
--- a/railties/test/application/middleware/remote_ip_test.rb
+++ b/railties/test/application/middleware/remote_ip_test.rb
@@ -40,7 +40,7 @@ module ApplicationTests
end
assert_nothing_raised(ActionDispatch::RemoteIp::IpSpoofAttackError) do
- assert_equal "1.1.1.2", remote_ip("HTTP_X_FORWARDED_FOR" => "1.1.1.1", "HTTP_CLIENT_IP" => "1.1.1.2")
+ assert_equal "1.1.1.1", remote_ip("HTTP_X_FORWARDED_FOR" => "1.1.1.1", "HTTP_CLIENT_IP" => "1.1.1.2")
end
end
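
Review bot: The changed assertion only covers a single-entry X-Forwarded-For ("1.1.1.1") against a conflicting Client-Ip ("1.1.1.2"), so it pins which header wins but not the behaviour the commit message describes, where trusted values are removed from a list and the last remaining one is taken. Consider adding a case in this test file whose HTTP_X_FORWARDED_FOR carries several comma-separated entries, including a trusted proxy address on the right and an arbitrary value on the left, and asserting that the last untrusted entry is returned. A short comment above the assert_nothing_raised block saying why the two headers may disagree here without raising IpSpoofAttackError would also help the next reader, since the setup that makes that true is outside the visible context.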