| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
IPAddr::InvalidAddressError does not exist in Ruby 1.9.3
and fails for JRuby in 1.9 mode.
As IPAddr::InvalidAddressError is a subclass of ArgumentError
(via IPAddr::Error) just rescuing ArgumentError is fine.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refactored IP address checking in ActionDispatch::RemoteIp to rely on
the IPAddr class instead of the unwieldly regular expression to match
IP addresses. This commit keeps the same api but allows users to pass
IPAddr objects to config.action_dispatch.trusted_proxies in addition
to passing strings and regular expressions.
Example:
# config/environments/production.rb
config.action_dispatch.trusted_proxies = IPAddr.new('4.8.15.0/16')
|
| |
|
|\
| |
| |
| |
| |
| |
| | |
Make remote_ip detection properly handle private IPv6 addresses
Conflicts:
actionpack/CHANGELOG.md
|
| |
| |
| |
| | |
Fixes #12638.
|
|/
|
|
|
| |
Was custom_proxies in inline docs, but should be and defined in
constructor as custom_proxies
|
| |
|
| |
|
|\ |
|
| | |
|
|/
|
|
| |
see: https://github.com/blog/1406-namespaced-gists
|
|
|
|
| |
[ci skip]
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We
remove trusted IP values, and then take the last given value, assuming that
it is the most likely to be the correct, unfaked value. See [1] for a very
thorough discussion of why that is the best option we have at the moment.
[1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/
Fixes #7979
|
|
|
|
| |
There is no need in additional `@calculated_ip` instance variable.
|
|
|
|
| |
tests.
|
|\
| |
| | |
The first IP address in the X-Forwarded-For header is the originating IP
|
| | |
|
|/ |
|
| |
|
|
|
|
| |
We are using @calculated_ip.
@calculate_ip is no where used
|
| |
|
| |
|
|
|
|
| |
This reverts commit 8d1a2b3ecde5a8745b3eaab4763a71d80ca3441f, because I have fixed the issues this commit caused in the next commit.
|
|
|
|
|
|
|
|
| |
This reverts commit 6491aadc525b8703708e0fd0fbf05bd436a47801, reversing
changes made to 83bf0b626cf2134260903e57d74f67de57384073.
See https://github.com/rails/rails/pull/3640#issuecomment-2752761 for
explanation.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- return the last forwarded IP before REMOTE_ADDR to handle proxies
- remove completely superfluous RemoteIpGetter class
- remove duplication of trusted proxies regexp
- remove unused constant from Request
- move comments from Request to where they are actually relevant
- edit comments for clarity of purpose
The original code (confusingly) tried to return REMOTE_ADDR both at the beginning and the end of the chain of options. Since REMOTE_ADDR is _always_ set, this is kind of silly. This change leaves REMOTE_ADDR as the last option, so that proxied requests will be assigned the correct remote IP address.
|
|
* ActionController::Base.ip_spoofing_check deprecated => config.action_dispatch.ip_spoofing_check
* ActionController::Base.trusted_proxies deprecated => config.action_dispatch.trusted_proxies
|