path: root/actionpack/lib/action_dispatch/middleware/remote_ip.rb
Commit message (Author, Age, Files, Lines)
* Enable `Layout/EmptyLinesAroundAccessModifier` cop (Ryuta Kamizono, 2019-06-13, 1 file, -1/+0)
|   We sometimes say "✂️ newline after `private`" in a code review (e.g. https://github.com/rails/rails/pull/18546#discussion_r23188776, https://github.com/rails/rails/pull/34832#discussion_r244847195). Now `Layout/EmptyLinesAroundAccessModifier` cop has a new enforced style `EnforcedStyle: only_before` (https://github.com/rubocop-hq/rubocop/pull/7059). That cop and enforced style will reduce our code review cost.
* Enable `Style/RedundantBegin` cop to avoid newly adding redundant begin block (Ryuta Kamizono, 2018-12-21, 1 file, -8/+6)
|   Currently we sometimes find a redundant begin block in code review (e.g. https://github.com/rails/rails/pull/33604#discussion_r209784205). I'd like to enable `Style/RedundantBegin` cop to avoid that, since rescue/else/ensure are allowed inside do/end blocks in Ruby 2.5 (https://bugs.ruby-lang.org/issues/12906), so we'd probably meet with that situation more than before.
* Update links to use https link instead of http [ci skip] (Yoshiyuki Hirano, 2017-08-22, 1 file, -2/+2)
|
* Use frozen string literal in actionpack/ (Kir Shatrov, 2017-07-29, 1 file, -0/+2)
|
* Revert "Merge pull request #29540 from kirs/rubocop-frozen-string" (Matthew Draper, 2017-07-02, 1 file, -1/+0)
|   This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
* Enforce frozen string in Rubocop (Kir Shatrov, 2017-07-01, 1 file, -0/+1)
|
* [docs] fix ActionDispatch documentation (Hrvoje Šimić, 2017-03-13, 1 file, -3/+3)
|
* Reduce string objects by using \ instead of + or << for concatenating strings (Akira Matsuda, 2017-01-12, 1 file, -2/+2)
|   (I personally prefer writing one string in one line no matter how long it is, though)
* Privatize unneededly protected methods in Action Pack (Akira Matsuda, 2016-12-24, 1 file, -3/+3)
|
* applies remaining conventions across the project (Xavier Noria, 2016-08-06, 1 file, -2/+0)
|
* applies new string literal convention in actionpack/lib (Xavier Noria, 2016-08-06, 1 file, -1/+1)
|   The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* Clearer comment and variable name on IP spoofing (Grey Baker, 2015-11-22, 1 file, -7/+15)
|
* use a request object to access info from env in GetIp (Aaron Patterson, 2015-08-06, 1 file, -10/+12)
|   again, we want to hide the contents of `env` from the implementation. Allocate a request object to access the contents of env, but save allocations due to string literal allocations when accessing the env hash.
* pass check_ip and proxies to GetIp constructor (Aaron Patterson, 2015-06-03, 1 file, -4/+4)
|   The `GetIp` class doesn't need to keep a reference to the middleware, so there is no reason to pass the middleware instance to the `GetIp` class
* Don't rescue IPAddr::InvalidAddressError (Peter Suschlik, 2014-08-29, 1 file, -1/+1)
|   IPAddr::InvalidAddressError does not exist in Ruby 1.9.3 and fails for JRuby in 1.9 mode. As IPAddr::InvalidAddressError is a subclass of ArgumentError (via IPAddr::Error) just rescuing ArgumentError is fine.
* Refactor ActionDispatch::RemoteIp (Sam Aarons, 2014-08-21, 1 file, -52/+38)
|   Refactored IP address checking in ActionDispatch::RemoteIp to rely on the IPAddr class instead of the unwieldy regular expression to match IP addresses. This commit keeps the same api but allows users to pass IPAddr objects to config.action_dispatch.trusted_proxies in addition to passing strings and regular expressions.
|
|   Example:
|
|       # config/environments/production.rb
|       config.action_dispatch.trusted_proxies = IPAddr.new('4.8.15.0/16')
* [ci skip] Fix capitalization (Akshay Vishnoi, 2014-06-07, 1 file, -2/+2)
|
* Merge pull request #12651 from cespare/ipv6-remote-ip-fixes (Rafael Mendonça França, 2014-05-01, 1 file, -1/+1)
|\
| |   Make remote_ip detection properly handle private IPv6 addresses
| |
| |   Conflicts: actionpack/CHANGELOG.md
| * Make remote_ip detection properly handle private IPv6 addresses (Caleb Spare, 2013-10-26, 1 file, -1/+1)
| |   Fixes #12638.
* | Fix parameter naming in RemoteIp middleware constructor method (KalabiYau, 2014-02-18, 1 file, -2/+2)
|/
|   Was custom_proxies in inline docs, but should be and defined in constructor as custom_proxies
* make sure both headers are set before checking for ip spoofing (Tamir Duberstein, 2013-06-04, 1 file, -1/+1)
|
* Fix some typos (Vipul A M, 2013-03-24, 1 file, -1/+1)
|
* Merge branch 'master' of github.com:lifo/docrails (Vijay Dev, 2013-02-26, 1 file, -1/+1)
|\
| * Typo fix. (Carson McDonald, 2013-02-21, 1 file, -1/+1)
| |
* | Gist URLs are now namespaced (Akira Matsuda, 2013-02-18, 1 file, -1/+1)
|/
|   see: https://github.com/blog/1406-namespaced-gists
* Fix typo. (Carson McDonald, 2013-02-11, 1 file, -1/+1)
|   [ci skip]
* Explain the possible precautions (Andre Arko, 2013-01-02, 1 file, -3/+4)
|
* Restore original remote_ip algorithm. (Andre Arko, 2013-01-02, 1 file, -53/+112)
|   Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We remove trusted IP values, and then take the last given value, assuming that it is the most likely to be the correct, unfaked value. See [1] for a very thorough discussion of why that is the best option we have at the moment.
|
|   [1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/
|
|   Fixes #7979
* memoize calculated ip without additional variable (Sergey Nartimov, 2012-11-01, 1 file, -6/+4)
|   There is no need for an additional `@calculated_ip` instance variable.
* Valid ips v4 and v6. Right logic for working with X-FORWARDED-FOR header and tests. (Alexey Gaziev, 2012-04-25, 1 file, -22/+68)
|
* Merge pull request #2490 from gsterndale/x_forwarded_for_order (José Valim, 2012-02-07, 1 file, -1/+1)
|\
| |   The first IP address in the X-Forwarded-For header is the originating IP
| * The first IP address in the X-Forwarded-For header is the originating IP (Greg Sterndale, 2012-02-07, 1 file, -1/+1)
| |
* | Trusted proxies is replaced with a Regexp or appended to with a String (Greg Sterndale, 2012-02-07, 1 file, -4/+6)
|/
* Fix routing test to use assert_equal (Carlos Antonio da Silva, 2012-01-06, 1 file, -2/+2)
|
* It should be @calculated_ip not @calculate_ip (Arun Agrawal, 2011-11-17, 1 file, -1/+1)
|   We are using @calculated_ip. @calculate_ip is nowhere used
* Initialize our instance variables. (Aaron Patterson, 2011-11-16, 1 file, -1/+3)
|
* :facepalm: Request#remote_ip has to work without the middleware (Andre Arko, 2011-11-16, 1 file, -1/+1)
|
* Revert "Revert "Merge pull request #3640 from indirect/remote_ip"" (Andre Arko, 2011-11-16, 1 file, -3/+6)
|   This reverts commit 8d1a2b3ecde5a8745b3eaab4763a71d80ca3441f, because I have fixed the issues this commit caused in the next commit.
* Revert "Merge pull request #3640 from indirect/remote_ip" (Jon Leighton, 2011-11-15, 1 file, -6/+3)
|   This reverts commit 6491aadc525b8703708e0fd0fbf05bd436a47801, reversing changes made to 83bf0b626cf2134260903e57d74f67de57384073.
|
|   See https://github.com/rails/rails/pull/3640#issuecomment-2752761 for explanation.
* GetIp#to_s should never return nil. That's icky. (Andre Arko, 2011-11-14, 1 file, -3/+6)
|
* memoize the relatively expensive remote IP code (Andre Arko, 2011-11-14, 1 file, -1/+7)
|
* cleaner names (Andre Arko, 2011-11-14, 1 file, -6/+6)
|
* remove ignored flag, fixes warnings (Andre Arko, 2011-11-13, 1 file, -1/+1)
|
* turns out the tests expect remote_addrs.first (Andre Arko, 2011-11-13, 1 file, -1/+1)
|
* correctly raise IpSpoofAttackError message (Andre Arko, 2011-11-13, 1 file, -2/+2)
|
* defer calculating the remote IP until requested (Andre Arko, 2011-11-12, 1 file, -24/+36)
|
* refactor RemoteIp middleware (Andre Arko, 2011-11-11, 1 file, -37/+44)
|   - return the last forwarded IP before REMOTE_ADDR to handle proxies
|   - remove completely superfluous RemoteIpGetter class
|   - remove duplication of trusted proxies regexp
|   - remove unused constant from Request
|   - move comments from Request to where they are actually relevant
|   - edit comments for clarity of purpose
|
|   The original code (confusingly) tried to return REMOTE_ADDR both at the beginning and the end of the chain of options. Since REMOTE_ADDR is _always_ set, this is kind of silly. This change leaves REMOTE_ADDR as the last option, so that proxied requests will be assigned the correct remote IP address.
* Move remote_ip to a middleware: (Carlhuda, 2010-03-03, 1 file, -0/+51)
    * ActionController::Base.ip_spoofing_check deprecated => config.action_dispatch.ip_spoofing_check
    * ActionController::Base.trusted_proxies deprecated => config.action_dispatch.trusted_proxies