Skip to content

Commit

Permalink
Merge pull request #81 from EiNSTeiN-/forward-user-info
Browse files Browse the repository at this point in the history 
Forward user info
  • Loading branch information
@oreoshake
oreoshake committed Dec 18, 2013
2 parents bfdcb2b + 5168ac5 commit d77756b
Show file tree
Hide file tree
Showing 2 changed files with 33 additions and 0 deletions.
17 changes: 17 additions & 0 deletions app/controllers/content_security_policy_controller.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,15 @@ def forward_params_to(forward_endpoint)
use_ssl(http)
end

ua = request.user_agent
xff = forwarded_for

request = Net::HTTP::Post.new(uri.to_s)
request.initialize_http_header({
'User-Agent' => ua,
'X-Forwarded-For' => xff,
'Content-Type' => 'application/json',
})
request.body = params.to_json

# fire and forget
Expand All @@ -38,6 +46,15 @@ def forward_params_to(forward_endpoint)
end
end

def forwarded_for
req_xff = request.env["HTTP_X_FORWARDED_FOR"]
if req_xff && req_xff != ""
"#{req_xff}, #{request.remote_ip}"
else
request.remote_ip
end
end

def use_ssl request
request.use_ssl = true
request.ca_file = CA_FILE
Expand Down
16 changes: 16 additions & 0 deletions spec/controllers/content_security_policy_controller_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,21 @@
}
}

class FakeRequest
def user_agent
"Foo"
end
def env
{"HTTP_X_FORWARDED_FOR" => ""}
end
def remote_ip
"123.12.45.67"
end
def content_type
"application/json"
end
end

describe "#csp" do
let(:request) { double().as_null_object }
let(:endpoint) { "https://example.com" }
Expand All @@ -20,6 +35,7 @@
SecureHeaders::Configuration.stub(:csp).and_return({:report_uri => endpoint, :forward_endpoint => secondary_endpoint})
subject.should_receive :head
subject.stub(:params).and_return(params)
subject.stub(:request).and_return(FakeRequest.new)
Net::HTTP.any_instance.stub(:request)
end

Expand Down

0 comments on commit d77756b

Please sign in to comment.