aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller/request_test.rb
diff options
context:
space:
mode:
Diffstat (limited to 'actionpack/test/controller/request_test.rb')
-rw-r--r--actionpack/test/controller/request_test.rb9
1 files changed, 9 insertions, 0 deletions
diff --git a/actionpack/test/controller/request_test.rb b/actionpack/test/controller/request_test.rb
index 316a203e97..ba4a6da39b 100644
--- a/actionpack/test/controller/request_test.rb
+++ b/actionpack/test/controller/request_test.rb
@@ -66,6 +66,15 @@ class RequestTest < ActiveSupport::TestCase
assert_match /HTTP_X_FORWARDED_FOR="9.9.9.9, 3.4.5.6, 10.0.0.1, 172.31.4.4"/, e.message
assert_match /HTTP_CLIENT_IP="8.8.8.8"/, e.message
+ # turn IP Spoofing detection off.
+ # This is useful for sites that are aimed at non-IP clients. The typical
+ # example is WAP. Since the cellular network is not IP based, it's a
+ # leap of faith to assume that their proxies are ever going to set the
+ # HTTP_CLIENT_IP/HTTP_X_FORWARDED_FOR headers properly.
+ ActionController::Base.ip_spoofing_check = false
+ assert_equal('8.8.8.8', @request.remote_ip(true))
+ ActionController::Base.ip_spoofing_check = true
+
@request.env['HTTP_X_FORWARDED_FOR'] = '8.8.8.8, 9.9.9.9'
assert_equal '8.8.8.8', @request.remote_ip(true)
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-04 22:06:35 +0000