From 75dcdbc84e53cd824c4f1c3e4cb82c40f27010c8 Mon Sep 17 00:00:00 2001
From: Andre Arko <andre@arko.net>
Date: Wed, 2 Jan 2013 15:21:13 -0800
Subject: Restore original remote_ip algorithm.

Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We
remove trusted IP values, and then take the last given value, assuming that
it is the most likely to be the correct, unfaked value. See [1] for a very
thorough discussion of why that is the best option we have at the moment.

[1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/

Fixes #7979
---
 railties/test/application/middleware/remote_ip_test.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'railties/test')

diff --git a/railties/test/application/middleware/remote_ip_test.rb b/railties/test/application/middleware/remote_ip_test.rb
index fde13eeb94..f0d3438aa4 100644
--- a/railties/test/application/middleware/remote_ip_test.rb
+++ b/railties/test/application/middleware/remote_ip_test.rb
@@ -40,7 +40,7 @@ module ApplicationTests
       end
 
       assert_nothing_raised(ActionDispatch::RemoteIp::IpSpoofAttackError) do
-        assert_equal "1.1.1.2", remote_ip("HTTP_X_FORWARDED_FOR" => "1.1.1.1", "HTTP_CLIENT_IP" => "1.1.1.2")
+        assert_equal "1.1.1.1", remote_ip("HTTP_X_FORWARDED_FOR" => "1.1.1.1", "HTTP_CLIENT_IP" => "1.1.1.2")
       end
     end
 
-- 
cgit v1.2.3