Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide accurate handling of the Remote address information #16

Closed
jrconlin opened this issue Aug 29, 2018 · 1 comment
Closed

Provide accurate handling of the Remote address information #16

jrconlin opened this issue Aug 29, 2018 · 1 comment
Assignees
@rfk
Labels
train-122 waffle:review
Milestone
FxA-156: Fenix P...

Comments

@jrconlin
Copy link
Member

it appears that actix takes a very simple view of how the remote address is resolved, which may lead to potential header spoofing. We may want to handle extracting the remote IP address from the request headers ourselves.
@jrconlin jrconlin mentioned this issue Aug 29, 2018
Merged
@rfk rfk added the waffle:next label Sep 6, 2018
jrconlin added a commit that referenced this issue Sep 6, 2018
@jrconlin
f added discrete remote ip parser.
77d25df 
Closes #16
jrconlin added a commit that referenced this issue Sep 6, 2018
@jrconlin
f added discrete remote ip parser.
2ef595b 
Closes #16
jrconlin added a commit that referenced this issue Sep 6, 2018
@jrconlin
f added discrete remote ip parser.
c7c246a 
Closes #16
jrconlin added a commit that referenced this issue Sep 7, 2018
@jrconlin
f added discrete remote ip parser.
4893899 
Closes #16
@rfk rfk modified the milestones: fenix, FxA-156: Fenix Pairing flow Sep 13, 2018
@rfk rfk mentioned this issue Sep 13, 2018
Closed
@vladikoff
Copy link

@rfk and @jrconlin to chat about this

@jrconlin jrconlin mentioned this issue Sep 19, 2018
Merged
jrconlin added a commit that referenced this issue Sep 19, 2018
@jrconlin
Report accurate remote-ip in channelserver (#20)
c771ee0 
feat: fixup testing around meta and geoip lookup

* added discrete remote ip parser.
* update README.md, fix `test_chan` to test in one pass.
* add better comments
* fix ip lookup to match specification lookups
* set the `trusted_proxy_list` to use CIDRs

Closes #16
jrconlin added a commit that referenced this issue Oct 2, 2018
@jrconlin
Report accurate remote-ip in channelserver (#20)
8bd677f 
feat: fixup testing around meta and geoip lookup

* added discrete remote ip parser.
* update README.md, fix `test_chan` to test in one pass.
* add better comments
* fix ip lookup to match specification lookups
* set the `trusted_proxy_list` to use CIDRs

Closes #16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rfk rfk

Labels
train-122 waffle:review
Projects
None yet
Milestone
FxA-156: Fenix Pairing flow
Development

No branches or pull requests
3 participants
@rfk @jrconlin @vladikoff