Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Make Request#remote_ip return nil when HTTP_X_FORWARDED_FOR is empty

If HTTP_X_FORWARDED_FOR only contains whitespace, don't try to extract a
list of IP addresses from it.
  • Loading branch information...
commit cd2136aed6350b2bc7e5c0f3f57dfd7f141f76e8 1 parent e0774e4
@dasch authored
View
2  actionpack/lib/action_controller/request.rb
@@ -225,7 +225,7 @@ def remote_ip
not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES}
return not_trusted_addrs.first unless not_trusted_addrs.empty?
end
- remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',')
+ remote_ips = @env['HTTP_X_FORWARDED_FOR'].present? && @env['HTTP_X_FORWARDED_FOR'].split(',')
if @env.include? 'HTTP_CLIENT_IP'
if ActionController::Base.ip_spoofing_check && remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP'])
View
3  actionpack/test/controller/request_test.rb
@@ -20,6 +20,9 @@ def test_remote_ip
'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
assert_equal '1.2.3.4', request.remote_ip
+ request = stub_request 'HTTP_X_FORWARDED_FOR' => ''
+ assert_nil request.remote_ip
+
request = stub_request 'REMOTE_ADDR' => '127.0.0.1',
'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
assert_equal '3.4.5.6', request.remote_ip
Please sign in to comment.
Something went wrong with that request. Please try again.