Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Update links to use https link instead of http [ci skip] | Yoshiyuki Hirano | 2017-08-22 | 1 | -2/+2 |
| | |||||
* | Use frozen string literal in actionpack/ | Kir Shatrov | 2017-07-29 | 1 | -0/+2 |
| | |||||
* | Revert "Merge pull request #29540 from kirs/rubocop-frozen-string" | Matthew Draper | 2017-07-02 | 1 | -1/+0 |
| | | | | | This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa. | ||||
* | Enforce frozen string in Rubocop | Kir Shatrov | 2017-07-01 | 1 | -0/+1 |
| | |||||
* | [docs] fix ActionDispatch documentation | Hrvoje Šimić | 2017-03-13 | 1 | -3/+3 |
| | |||||
* | Reduce string objects by using \ instead of + or << for concatenating strings | Akira Matsuda | 2017-01-12 | 1 | -2/+2 |
| | | | | (I personally prefer writing one string in one line no matter how long it is, though) | ||||
* | Privatize unneededly protected methods in Action Pack | Akira Matsuda | 2016-12-24 | 1 | -3/+3 |
| | |||||
* | applies remaining conventions across the project | Xavier Noria | 2016-08-06 | 1 | -2/+0 |
| | |||||
* | applies new string literal convention in actionpack/lib | Xavier Noria | 2016-08-06 | 1 | -1/+1 |
| | | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default. | ||||
* | Clearer comment and variable name on IP spoofing | Grey Baker | 2015-11-22 | 1 | -7/+15 |
| | |||||
* | use a request object to access info from env in GetIp | Aaron Patterson | 2015-08-06 | 1 | -10/+12 |
| | | | | | | | again, we want to hide the contents of `env` from the implementation. Allocate a request object to access the contents of env, but save allocations due to string literal allocations when accessing the env hash. | ||||
* | pass check_ip and proxies to GetIp constructor | Aaron Patterson | 2015-06-03 | 1 | -4/+4 |
| | | | | | The `GetIp` class doesn't need to keep a reference to the middleware, so there is no reason to pass the middleware instance to the `GetIp` class | ||||
* | Don't rescue IPAddr::InvalidAddressError | Peter Suschlik | 2014-08-29 | 1 | -1/+1 |
| | | | | | | | | IPAddr::InvalidAddressError does not exist in Ruby 1.9.3 and fails for JRuby in 1.9 mode. As IPAddr::InvalidAddressError is a subclass of ArgumentError (via IPAddr::Error) just rescuing ArgumentError is fine. | ||||
* | Refactor ActionDispatch::RemoteIp | Sam Aarons | 2014-08-21 | 1 | -52/+38 |
| | | | | | | | | | | | | | Refactored IP address checking in ActionDispatch::RemoteIp to rely on the IPAddr class instead of the unwieldly regular expression to match IP addresses. This commit keeps the same api but allows users to pass IPAddr objects to config.action_dispatch.trusted_proxies in addition to passing strings and regular expressions. Example: # config/environments/production.rb config.action_dispatch.trusted_proxies = IPAddr.new('4.8.15.0/16') | ||||
* | [ci skip] Fix capitalization | Akshay Vishnoi | 2014-06-07 | 1 | -2/+2 |
| | |||||
* | Merge pull request #12651 from cespare/ipv6-remote-ip-fixes | Rafael Mendonça França | 2014-05-01 | 1 | -1/+1 |
|\ | | | | | | | | | | | | | Make remote_ip detection properly handle private IPv6 addresses Conflicts: actionpack/CHANGELOG.md | ||||
| * | Make remote_ip detection properly handle private IPv6 addresses | Caleb Spare | 2013-10-26 | 1 | -1/+1 |
| | | | | | | | | Fixes #12638. | ||||
* | | Fix parameter naming in RemoteIp middleware constructor method | KalabiYau | 2014-02-18 | 1 | -2/+2 |
|/ | | | | | Was custom_proxies in inline docs, but should be and defined in constructor as custom_proxies | ||||
* | make sure both headers are set before checking for ip spoofing | Tamir Duberstein | 2013-06-04 | 1 | -1/+1 |
| | |||||
* | Fix some typos | Vipul A M | 2013-03-24 | 1 | -1/+1 |
| | |||||
* | Merge branch 'master' of github.com:lifo/docrails | Vijay Dev | 2013-02-26 | 1 | -1/+1 |
|\ | |||||
| * | Typo fix. | Carson McDonald | 2013-02-21 | 1 | -1/+1 |
| | | |||||
* | | Gist URLs are now namespaced | Akira Matsuda | 2013-02-18 | 1 | -1/+1 |
|/ | | | | see: https://github.com/blog/1406-namespaced-gists | ||||
* | Fix typo. | Carson McDonald | 2013-02-11 | 1 | -1/+1 |
| | | | | [ci skip] | ||||
* | Explain the possible precautions | Andre Arko | 2013-01-02 | 1 | -3/+4 |
| | |||||
* | Restore original remote_ip algorithm. | Andre Arko | 2013-01-02 | 1 | -53/+112 |
| | | | | | | | | | | | Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We remove trusted IP values, and then take the last given value, assuming that it is the most likely to be the correct, unfaked value. See [1] for a very thorough discussion of why that is the best option we have at the moment. [1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/ Fixes #7979 | ||||
* | memoize calculated ip without additional variable | Sergey Nartimov | 2012-11-01 | 1 | -6/+4 |
| | | | | There is no need in additional `@calculated_ip` instance variable. | ||||
* | Valid ips v4 and v6. Right logic for working with X-FORWARDED-FOR header and ↵ | Alexey Gaziev | 2012-04-25 | 1 | -22/+68 |
| | | | | tests. | ||||
* | Merge pull request #2490 from gsterndale/x_forwarded_for_order | José Valim | 2012-02-07 | 1 | -1/+1 |
|\ | | | | | The first IP address in the X-Forwarded-For header is the originating IP | ||||
| * | The first IP address in the X-Forwarded-For header is the originating IP | Greg Sterndale | 2012-02-07 | 1 | -1/+1 |
| | | |||||
* | | Trusted proxies is replaced with a Regexp or appended to with a String | Greg Sterndale | 2012-02-07 | 1 | -4/+6 |
|/ | |||||
* | Fix routing test to use assert_equal | Carlos Antonio da Silva | 2012-01-06 | 1 | -2/+2 |
| | |||||
* | It should be @calculated_ip not @calculate_ip | Arun Agrawal | 2011-11-17 | 1 | -1/+1 |
| | | | | We are using @calculated_ip. @calculate_ip is no where used | ||||
* | Initialize our instance variables. | Aaron Patterson | 2011-11-16 | 1 | -1/+3 |
| | |||||
* | :facepalm: Request#remote_ip has to work without the middleware | Andre Arko | 2011-11-16 | 1 | -1/+1 |
| | |||||
* | Revert "Revert "Merge pull request #3640 from indirect/remote_ip"" | Andre Arko | 2011-11-16 | 1 | -3/+6 |
| | | | | This reverts commit 8d1a2b3ecde5a8745b3eaab4763a71d80ca3441f, because I have fixed the issues this commit caused in the next commit. | ||||
* | Revert "Merge pull request #3640 from indirect/remote_ip" | Jon Leighton | 2011-11-15 | 1 | -6/+3 |
| | | | | | | | | This reverts commit 6491aadc525b8703708e0fd0fbf05bd436a47801, reversing changes made to 83bf0b626cf2134260903e57d74f67de57384073. See https://github.com/rails/rails/pull/3640#issuecomment-2752761 for explanation. | ||||
* | GetIp#to_s should never return nil. That's icky. | Andre Arko | 2011-11-14 | 1 | -3/+6 |
| | |||||
* | memoize the relatively expensive remote IP code | Andre Arko | 2011-11-14 | 1 | -1/+7 |
| | |||||
* | cleaner names | Andre Arko | 2011-11-14 | 1 | -6/+6 |
| | |||||
* | remove ignored flag, fixes warnings | Andre Arko | 2011-11-13 | 1 | -1/+1 |
| | |||||
* | turns out the tests expect remote_addrs.first | Andre Arko | 2011-11-13 | 1 | -1/+1 |
| | |||||
* | correctly raise IpSpoofAttackError message | Andre Arko | 2011-11-13 | 1 | -2/+2 |
| | |||||
* | defer calculating the remote IP until requested | Andre Arko | 2011-11-12 | 1 | -24/+36 |
| | |||||
* | refactor RemoteIp middleware | Andre Arko | 2011-11-11 | 1 | -37/+44 |
| | | | | | | | | | | | - return the last forwarded IP before REMOTE_ADDR to handle proxies - remove completely superfluous RemoteIpGetter class - remove duplication of trusted proxies regexp - remove unused constant from Request - move comments from Request to where they are actually relevant - edit comments for clarity of purpose The original code (confusingly) tried to return REMOTE_ADDR both at the beginning and the end of the chain of options. Since REMOTE_ADDR is _always_ set, this is kind of silly. This change leaves REMOTE_ADDR as the last option, so that proxied requests will be assigned the correct remote IP address. | ||||
* | Move remote_ip to a middleware: | Carlhuda | 2010-03-03 | 1 | -0/+51 |
* ActionController::Base.ip_spoofing_check deprecated => config.action_dispatch.ip_spoofing_check * ActionController::Base.trusted_proxies deprecated => config.action_dispatch.trusted_proxies |