make sure both headers are set before checking for ip spoofing

author: Tamir Duberstein <tamird@squareup.com> 2013-06-04 15:01:08 -0700
committer: Tamir Duberstein <tamird@squareup.com> 2013-06-04 15:01:08 -0700
commit: ccd6f8b931efa7b3eb191a62522fbfc89389b091 (patch)
tree: b19a87ff66bdd3f956d49eb82c834c4b80b3455b /railties/test
parent: 95296f1a7a2ae0490546c0d3010fc435558911c8 (diff)
download: rails-ccd6f8b931efa7b3eb191a62522fbfc89389b091.tar.gz
rails-ccd6f8b931efa7b3eb191a62522fbfc89389b091.tar.bz2
rails-ccd6f8b931efa7b3eb191a62522fbfc89389b091.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/railties/test/application/middleware/remote_ip_test.rb b/railties/test/application/middleware/remote_ip_test.rb
index 91c5807379..946b82eeb3 100644
--- a/railties/test/application/middleware/remote_ip_test.rb
+++ b/railties/test/application/middleware/remote_ip_test.rb
@@ -33,6 +33,16 @@ module ApplicationTests
       end
     end
 
+    test "works with both headers individually" do
+      make_basic_app
+      assert_nothing_raised(ActionDispatch::RemoteIp::IpSpoofAttackError) do
+        assert_equal "1.1.1.1", remote_ip("HTTP_X_FORWARDED_FOR" => "1.1.1.1")
+      end
+      assert_nothing_raised(ActionDispatch::RemoteIp::IpSpoofAttackError) do
+        assert_equal "1.1.1.2", remote_ip("HTTP_CLIENT_IP" => "1.1.1.2")
+      end
+    end
+
     test "can disable IP spoofing check" do
       make_basic_app do |app|
         app.config.action_dispatch.ip_spoofing_check = false
author	Tamir Duberstein <tamird@squareup.com>	2013-06-04 15:01:08 -0700
committer	Tamir Duberstein <tamird@squareup.com>	2013-06-04 15:01:08 -0700
commit	ccd6f8b931efa7b3eb191a62522fbfc89389b091 (patch)
tree	b19a87ff66bdd3f956d49eb82c834c4b80b3455b /railties/test
parent	95296f1a7a2ae0490546c0d3010fc435558911c8 (diff)
download	rails-ccd6f8b931efa7b3eb191a62522fbfc89389b091.tar.gz rails-ccd6f8b931efa7b3eb191a62522fbfc89389b091.tar.bz2 rails-ccd6f8b931efa7b3eb191a62522fbfc89389b091.zip