Skip to content
This repository
Browse code

Merge pull request #2490 from gsterndale/x_forwarded_for_order

The first IP address in the X-Forwarded-For header is the originating IP
  • Loading branch information...
commit 275c3a1cb3d0f38d1a28b1a8d6145a4d7e379acc 2 parents abe4a8d + 6a72022
José Valim josevalim authored
2  actionpack/lib/action_dispatch/middleware/remote_ip.rb
@@ -59,7 +59,7 @@ def calculate_ip
59 59 "HTTP_X_FORWARDED_FOR=#{@env['HTTP_X_FORWARDED_FOR'].inspect}"
60 60 end
61 61
62   - not_proxy = client_ip || forwarded_ips.last || remote_addrs.first
  62 + not_proxy = client_ip || forwarded_ips.first || remote_addrs.first
63 63
64 64 # Return first REMOTE_ADDR if there are no other options
65 65 not_proxy || ips_from('REMOTE_ADDR', :allow_proxies).first
8 actionpack/test/dispatch/request_test.rb
@@ -42,7 +42,7 @@ def url_for(options = {})
42 42 'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
43 43 assert_equal '3.4.5.6', request.remote_ip
44 44
45   - request = stub_request 'HTTP_X_FORWARDED_FOR' => 'unknown,3.4.5.6'
  45 + request = stub_request 'HTTP_X_FORWARDED_FOR' => '3.4.5.6,unknown'
46 46 assert_equal '3.4.5.6', request.remote_ip
47 47
48 48 request = stub_request 'HTTP_X_FORWARDED_FOR' => '172.16.0.1,3.4.5.6'
@@ -63,7 +63,7 @@ def url_for(options = {})
63 63 request = stub_request 'HTTP_X_FORWARDED_FOR' => 'unknown,192.168.0.1'
64 64 assert_equal 'unknown', request.remote_ip
65 65
66   - request = stub_request 'HTTP_X_FORWARDED_FOR' => '9.9.9.9, 3.4.5.6, 10.0.0.1, 172.31.4.4'
  66 + request = stub_request 'HTTP_X_FORWARDED_FOR' => '3.4.5.6, 9.9.9.9, 10.0.0.1, 172.31.4.4'
67 67 assert_equal '3.4.5.6', request.remote_ip
68 68
69 69 request = stub_request 'HTTP_X_FORWARDED_FOR' => '1.1.1.1',
@@ -85,7 +85,7 @@ def url_for(options = {})
85 85 :ip_spoofing_check => false
86 86 assert_equal '2.2.2.2', request.remote_ip
87 87
88   - request = stub_request 'HTTP_X_FORWARDED_FOR' => '8.8.8.8, 9.9.9.9'
  88 + request = stub_request 'HTTP_X_FORWARDED_FOR' => '9.9.9.9, 8.8.8.8'
89 89 assert_equal '9.9.9.9', request.remote_ip
90 90 end
91 91
@@ -116,7 +116,7 @@ def url_for(options = {})
116 116 request = stub_request 'HTTP_X_FORWARDED_FOR' => 'unknown,67.205.106.73'
117 117 assert_equal 'unknown', request.remote_ip
118 118
119   - request = stub_request 'HTTP_X_FORWARDED_FOR' => '9.9.9.9, 3.4.5.6, 10.0.0.1, 67.205.106.73'
  119 + request = stub_request 'HTTP_X_FORWARDED_FOR' => '3.4.5.6, 9.9.9.9, 10.0.0.1, 67.205.106.73'
120 120 assert_equal '3.4.5.6', request.remote_ip
121 121 end
122 122

2 comments on commit 275c3a1

Eric Hochberger

Can we get this forwarded ip fix into the next 3.2.x release? This is kind of a big deal for me using Google Page Speed Service in front of Heroku...

Steve Klabnik
Collaborator

You're gonna want to see #7980

Please sign in to comment.
Something went wrong with that request. Please try again.