Skip to content
This repository
Browse code

Make Request#remote_ip return nil when HTTP_X_FORWARDED_FOR is empty

If HTTP_X_FORWARDED_FOR only contains whitespace, don't try to extract a
list of IP addresses from it.
  • Loading branch information...
commit cd2136aed6350b2bc7e5c0f3f57dfd7f141f76e8 1 parent e0774e4
Daniel Schierbeck dasch authored
2  actionpack/lib/action_controller/request.rb
@@ -225,7 +225,7 @@ def remote_ip
225 225 not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES}
226 226 return not_trusted_addrs.first unless not_trusted_addrs.empty?
227 227 end
228   - remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',')
  228 + remote_ips = @env['HTTP_X_FORWARDED_FOR'].present? && @env['HTTP_X_FORWARDED_FOR'].split(',')
229 229
230 230 if @env.include? 'HTTP_CLIENT_IP'
231 231 if ActionController::Base.ip_spoofing_check && remote_ips && !remote_ips.include?(@env['HTTP_CLIENT_IP'])
3  actionpack/test/controller/request_test.rb
@@ -20,6 +20,9 @@ def test_remote_ip
20 20 'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
21 21 assert_equal '1.2.3.4', request.remote_ip
22 22
  23 + request = stub_request 'HTTP_X_FORWARDED_FOR' => ''
  24 + assert_nil request.remote_ip
  25 +
23 26 request = stub_request 'REMOTE_ADDR' => '127.0.0.1',
24 27 'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
25 28 assert_equal '3.4.5.6', request.remote_ip

0 comments on commit cd2136a

Please sign in to comment.
Something went wrong with that request. Please try again.