aboutsummaryrefslogtreecommitdiffstats
path: root/railties/test/application/middleware/remote_ip_test.rb
Commit message (Collapse)AuthorAgeFilesLines
* Remove deprecated `config.secret_token`Rafael Mendonça França2019-01-171-1/+3
|
* Adding frozen_string_literal pragma to Railties.Pat Allan2017-08-141-0/+2
|
* Revert "Merge pull request #29540 from kirs/rubocop-frozen-string"Matthew Draper2017-07-021-1/+0
| | | | | This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
* Enforce frozen string in RubocopKir Shatrov2017-07-011-0/+1
|
* applies new string literal convention in railties/testXavier Noria2016-08-061-6/+6
| | | | | The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* remove args from assert_nothing_raised in testsTara Scherner de la Fuente2016-02-221-3/+3
|
* Refactor ActionDispatch::RemoteIpSam Aarons2014-08-211-1/+15
| | | | | | | | | | | | | Refactored IP address checking in ActionDispatch::RemoteIp to rely on the IPAddr class instead of the unwieldly regular expression to match IP addresses. This commit keeps the same api but allows users to pass IPAddr objects to config.action_dispatch.trusted_proxies in addition to passing strings and regular expressions. Example: # config/environments/production.rb config.action_dispatch.trusted_proxies = IPAddr.new('4.8.15.0/16')
* make sure both headers are set before checking for ip spoofingTamir Duberstein2013-06-041-0/+10
|
* Remove comments about removing LegacyKeyGenerator in 4.1Trevor Turk2013-04-031-1/+0
|
* Rename DummyKeyGenerator -> LegacyKeyGeneratorTrevor Turk2013-04-021-2/+2
|
* Restore original remote_ip algorithm.Andre Arko2013-01-021-1/+1
| | | | | | | | | | | Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We remove trusted IP values, and then take the last given value, assuming that it is the most likely to be the correct, unfaked value. See [1] for a very thorough discussion of why that is the best option we have at the moment. [1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/ Fixes #7979
* Use derived keys everywhere, http_authentication was missing itSantiago Pastorino2012-11-031-1/+3
|
* Remove app building setup/teardown for remote ip railtie testsCarlos Antonio da Silva2012-08-211-14/+0
| | | | | These tests rely on "make_basic_app", which is a faster version that does not need to create the whole app directory structure.
* convert railties to use AS::TestCaseAaron Patterson2012-01-051-1/+1
|
* Solve the RAILS_ENV problem in the railties tests in a more generic wayJon Leighton2011-06-061-0/+4
|
* Fix a routing test. Reorganize middleware tests.José Valim2010-10-021-0/+63