aboutsummaryrefslogtreecommitdiffstats
path: root/railties
diff options
context:
space:
mode:
authorTamir Duberstein <tamird@squareup.com>2013-06-04 15:01:08 -0700
committerTamir Duberstein <tamird@squareup.com>2013-10-01 01:26:07 -0700
commit85106decc41f1695ff6fe54452168237fd0f98d0 (patch)
tree8e92885aa33b10f2109d365367b68724c42810f3 /railties
parentccd11d58910059f07b28cc518dbdad42cbc8ea0c (diff)
downloadrails-85106decc41f1695ff6fe54452168237fd0f98d0.tar.gz
rails-85106decc41f1695ff6fe54452168237fd0f98d0.tar.bz2
rails-85106decc41f1695ff6fe54452168237fd0f98d0.zip
make sure both headers are set before checking for ip spoofing
Diffstat (limited to 'railties')
-rw-r--r--railties/test/application/middleware/remote_ip_test.rb10
1 files changed, 10 insertions, 0 deletions
diff --git a/railties/test/application/middleware/remote_ip_test.rb b/railties/test/application/middleware/remote_ip_test.rb
index da291f061c..126f4832c4 100644
--- a/railties/test/application/middleware/remote_ip_test.rb
+++ b/railties/test/application/middleware/remote_ip_test.rb
@@ -46,6 +46,16 @@ module ApplicationTests
end
end
+ test "works with both headers individually" do
+ make_basic_app
+ assert_nothing_raised(ActionDispatch::RemoteIp::IpSpoofAttackError) do
+ assert_equal "1.1.1.1", remote_ip("HTTP_X_FORWARDED_FOR" => "1.1.1.1")
+ end
+ assert_nothing_raised(ActionDispatch::RemoteIp::IpSpoofAttackError) do
+ assert_equal "1.1.1.2", remote_ip("HTTP_CLIENT_IP" => "1.1.1.2")
+ end
+ end
+
test "can disable IP spoofing check" do
make_basic_app do |app|
app.config.action_dispatch.ip_spoofing_check = false