Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Feb 26, 2013
  1. @vijaydev
Commits on Feb 21, 2013
  1. @carsonmcdonald

    Typo fix.

    carsonmcdonald authored
Commits on Feb 18, 2013
  1. @amatsuda
Commits on Feb 11, 2013
  1. @carsonmcdonald

    Fix typo.

    carsonmcdonald authored
    [ci skip]
Commits on Jan 2, 2013
  1. @indirect
  2. @indirect

    Restore original remote_ip algorithm.

    indirect authored
    Proxy servers add X-Forwarded-For headers, resulting in a list of IPs. We
    remove trusted IP values, and then take the last given value, assuming that
    it is the most likely to be the correct, unfaked value. See [1] for a very
    thorough discussion of why that is the best option we have at the moment.
    
    [1]: http://blog.gingerlime.com/2012/rails-ip-spoofing-vulnerabilities-and-protection/
    
    Fixes #7979
Commits on Nov 1, 2012
  1. @lest

    memoize calculated ip without additional variable

    lest authored
    There is no need in additional `@calculated_ip` instance variable.
Commits on Apr 25, 2012
  1. @gazay
Commits on Feb 7, 2012
  1. @josevalim

    Merge pull request #2490 from gsterndale/x_forwarded_for_order

    josevalim authored
    The first IP address in the X-Forwarded-For header is the originating IP
  2. @gsterndale
  3. @gsterndale
Commits on Jan 6, 2012
  1. @carlosantoniodasilva
Commits on Nov 17, 2011
  1. @arunagw

    It should be @calculated_ip not @calculate_ip

    arunagw authored
    We are using @calculated_ip. 
    @calculate_ip is no where used
  2. @tenderlove
Commits on Nov 16, 2011
  1. @indirect
  2. @indirect

    Revert "Revert "Merge pull request #3640 from indirect/remote_ip""

    indirect authored
    This reverts commit 8d1a2b3, because I have fixed the issues this commit caused in the next commit.
Commits on Nov 15, 2011
  1. @jonleighton

    Revert "Merge pull request #3640 from indirect/remote_ip"

    jonleighton authored
    This reverts commit 6491aad, reversing
    changes made to 83bf0b6.
    
    See #3640 (comment) for
    explanation.
  2. @indirect
Commits on Nov 14, 2011
  1. @indirect
  2. @indirect

    cleaner names

    indirect authored
Commits on Nov 13, 2011
  1. @indirect
  2. @indirect
  3. @indirect
Commits on Nov 12, 2011
  1. @indirect
  2. @indirect

    refactor RemoteIp middleware

    indirect authored
    - return the last forwarded IP before REMOTE_ADDR to handle proxies
    - remove completely superfluous RemoteIpGetter class
    - remove duplication of trusted proxies regexp
    - remove unused constant from Request
    - move comments from Request to where they are actually relevant
    - edit comments for clarity of purpose
    
    The original code (confusingly) tried to return REMOTE_ADDR both at the beginning and the end of the chain of options. Since REMOTE_ADDR is _always_ set, this is kind of silly. This change leaves REMOTE_ADDR as the last option, so that proxied requests will be assigned the correct remote IP address.
Commits on Mar 4, 2010
  1. Move remote_ip to a middleware:

    Carlhuda authored Carl Lerche committed
      * ActionController::Base.ip_spoofing_check deprecated => config.action_dispatch.ip_spoofing_check
      * ActionController::Base.trusted_proxies deprecated => config.action_dispatch.trusted_proxies
Something went wrong with that request. Please try again.