Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Move ip_hash to secret vault and rename it to "true_ip".

  • Loading branch information...
commit f8bf988006b1a86a5b055b6d917cc590dca2344f 1 parent 3aacf8d
@spladug spladug authored
Showing with 4 additions and 4 deletions.
  1. +2 −2 r2/example.ini
  2. +2 −2 r2/r2/lib/base.py
View
4 r2/example.ini
@@ -17,6 +17,8 @@ FEEDSECRET = YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5
ADMINSECRET = YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5
# used to securely authenticate websocket requests to sutro
websocket = YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5
+# secret for validating HTTP_TRUE_CLIENT_IP_HASH as sent by the CDN
+true_ip =
[DEFAULT]
############################################ SITE-SPECIFIC OPTIONS
@@ -84,8 +86,6 @@ subreddit_stylesheets_static = false
# if your webserver is a proxy and on a different instance on the same 10.0.0.0/8 network or host
# set X-forwarded-for and set this to true
trust_local_proxies = false
-# hash for validating HTTP_TRUE_CLIENT_IP_HASH as sent by the CDN
-ip_hash =
# Location (directory) for temp files for diff3 merging
# Empty will use python default for temp files
diff3_temp_location =
View
4 r2/r2/lib/base.py
@@ -90,10 +90,10 @@ def __call__(self, environ, start_response):
forwarded_for = environ.get('HTTP_X_FORWARDED_FOR', ())
remote_addr = environ.get('REMOTE_ADDR')
- if (g.ip_hash
+ if (g.secrets["true_ip"]
and true_client_ip
and ip_hash
- and hashlib.md5(true_client_ip + g.ip_hash).hexdigest() \
+ and hashlib.md5(true_client_ip + g.secrets["true_ip"]).hexdigest() \
== ip_hash.lower()):
request.ip = true_client_ip
elif g.trust_local_proxies and forwarded_for and is_local_address(remote_addr):
Please sign in to comment.
Something went wrong with that request. Please try again.