aboutsummaryrefslogtreecommitdiffstats
path: root/railties/test/application/middleware/remote_ip_test.rb
Commit message (Collapse)AuthorAgeFilesLines
* Refactor ActionDispatch::RemoteIpSam Aarons2014-08-211-1/+15
| | | | | | | | | | | | | Refactored IP address checking in ActionDispatch::RemoteIp to rely on the IPAddr class instead of the unwieldly regular expression to match IP addresses. This commit keeps the same api but allows users to pass IPAddr objects to config.action_dispatch.trusted_proxies in addition to passing strings and regular expressions. Example: # config/environments/production.rb config.action_dispatch.trusted_proxies = IPAddr.new('4.8.15.0/16')
* make sure both headers are set before checking for ip spoofingTamir Duberstein2013-06-041-0/+10
|
* Remove comments about removing LegacyKeyGenerator in 4.1Trevor Turk2013-04-031-1/+0
|
* Rename DummyKeyGenerator -> LegacyKeyGeneratorTrevor Turk2013-04-021-2/+2
|
* Restore original remote_ip algorithm.Andre Arko2013-01-021-1/+1
| | | | | | | | | | | Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We remove trusted IP values, and then take the last given value, assuming that it is the most likely to be the correct, unfaked value. See [1] for a very thorough discussion of why that is the best option we have at the moment. [1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/ Fixes #7979
* Use derived keys everywhere, http_authentication was missing itSantiago Pastorino2012-11-031-1/+3
|
* Remove app building setup/teardown for remote ip railtie testsCarlos Antonio da Silva2012-08-211-14/+0
| | | | | These tests rely on "make_basic_app", which is a faster version that does not need to create the whole app directory structure.
* convert railties to use AS::TestCaseAaron Patterson2012-01-051-1/+1
|
* Solve the RAILS_ENV problem in the railties tests in a more generic wayJon Leighton2011-06-061-0/+4
|
* Fix a routing test. Reorganize middleware tests.José Valim2010-10-021-0/+63