From f7359342afbe3e654dfb0e78770493deba7342c9 Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson
Date: Thu, 16 Mar 2006 03:31:40 +0000
Subject: Added protection against proxy setups treating requests as local even when they're not #3898 [stephen_purcell@yahoo.com]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3892 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
---
 actionpack/CHANGELOG | 2 ++
 actionpack/lib/action_controller/rescue.rb | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index 3b63e4b44c..609cdf0bd5 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
 *SVN*
 
+* Added protection against proxy setups treating requests as local even when they're not #3898 [stephen_purcell@yahoo.com]
+
 * Added TestRequest#raw_post that simulate raw_post from CgiRequest #3042 [francois.beausoleil@gmail.com]
 
 * Underscore dasherized keys in formatted requests [Jamis Buck]
diff --git a/actionpack/lib/action_controller/rescue.rb b/actionpack/lib/action_controller/rescue.rb
index 104823ebcc..d97a294964 100644
--- a/actionpack/lib/action_controller/rescue.rb
+++ b/actionpack/lib/action_controller/rescue.rb
@@ -60,7 +60,7 @@ module ActionController #:nodoc:
 # the remote IP being 127.0.0.1. For example, this could include the IP of the developer machine when debugging
 # remotely.
 def local_request? #:doc:
- @request.remote_addr == "127.0.0.1"
+ [@request.remote_addr, @request.remote_ip] == ["127.0.0.1"] * 2
 end
 
 # Renders a detailed diagnostics screen on action exceptions.
-- 
cgit v1.2.3
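Review bot: The new check in `local_request?` is only as strong as `@request.remote_ip`, whose implementation is not shown here. If it is derived from client-supplied forwarding headers, the diagnostics screen stays protected only when the front proxy overwrites those headers rather than passing them through. The doc comment above the method (it starts outside the hunk) still describes a single "remote IP being 127.0.0.1" test and should state that both values must match, e.g. `# Local means both the socket peer (remote_addr) and the proxy-reported client (remote_ip) are 127.0.0.1; the proxy must overwrite forwarding headers.` The comparison `[...] == ["127.0.0.1"] * 2` would also read more clearly as `@request.remote_addr == "127.0.0.1" && @request.remote_ip == "127.0.0.1"`. No test for the proxied case accompanies the change.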