Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Trusted proxies is replaced with a Regexp or appended to with a String

  • Loading branch information...
commit dd09811fa6214a130fdc2de1d4c00b4337cb15f9 1 parent ed9aeec
Greg Sterndale gsterndale authored
10 actionpack/lib/action_dispatch/middleware/remote_ip.rb
View
@@ -18,11 +18,13 @@ class IpSpoofAttackError < StandardError ; end
def initialize(app, check_ip_spoofing = true, custom_proxies = nil)
@app = app
@check_ip = check_ip_spoofing
- if custom_proxies
- custom_regexp = Regexp.new(custom_proxies)
- @proxies = Regexp.union(TRUSTED_PROXIES, custom_regexp)
+ @proxies = case custom_proxies
+ when Regexp
+ custom_proxies
+ when nil
+ TRUSTED_PROXIES
else
- @proxies = TRUSTED_PROXIES
+ Regexp.union(TRUSTED_PROXIES, custom_proxies)
end
end
15 actionpack/test/dispatch/request_test.rb
View
@@ -94,8 +94,8 @@ def url_for(options = {})
assert_equal '127.0.0.1', request.remote_ip
end
- test "remote ip with user specified trusted proxies" do
- @trusted_proxies = /^67\.205\.106\.73$/i
+ test "remote ip with user specified trusted proxies String" do
+ @trusted_proxies = "67.205.106.73"
request = stub_request 'REMOTE_ADDR' => '67.205.106.73',
'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
@@ -120,6 +120,17 @@ def url_for(options = {})
assert_equal '3.4.5.6', request.remote_ip
end
+ test "remote ip with user specified trusted proxies Regexp" do
+ @trusted_proxies = /^67\.205\.106\.73$/i
+
+ request = stub_request 'REMOTE_ADDR' => '67.205.106.73',
+ 'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
+ assert_equal '3.4.5.6', request.remote_ip
+
+ request = stub_request 'HTTP_X_FORWARDED_FOR' => '9.9.9.9, 3.4.5.6, 10.0.0.1, 67.205.106.73'
+ assert_equal '10.0.0.1', request.remote_ip
+ end
+
test "domains" do
request = stub_request 'HTTP_HOST' => 'www.rubyonrails.org'
assert_equal "rubyonrails.org", request.domain
Please sign in to comment.
Something went wrong with that request. Please try again.