kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Minor fix to correctly identify the entire scope of the loopback address, per RFC-3330.

Browse source 
From #38142

[Rafael Mendonça França + Nick Soracco]
This commit is contained in:
Nick Soracco 2020-01-02 11:50:06 -08:00 committed by Rafael Mendonça França
parent 9dfae153f2
commit 8544c9c236
No known key found for this signature in database
GPG key ID: FC23B6D0F1EEE948
2 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
actionpack/CHANGELOG.md
View file

@ -1,3 +1,7 @@
* Correctly identify the entire localhost IPv4 range as trusted proxy.
*Nick Soracco*
* `url_for` will now use "https://" as the default protocol when * `url_for` will now use "https://" as the default protocol when
`Rails.application.config.force_ssl` is set to true. `Rails.application.config.force_ssl` is set to true.

2
actionpack/lib/action_dispatch/middleware/remote_ip.rb
View file

@ -33,7 +33,7 @@ module ActionDispatch
# not be the ultimate client IP in production, and so are discarded. See # not be the ultimate client IP in production, and so are discarded. See
# https://en.wikipedia.org/wiki/Private_network for details. # https://en.wikipedia.org/wiki/Private_network for details.
TRUSTED_PROXIES = [ TRUSTED_PROXIES = [
"127.0.0.1", # localhost IPv4 "127.0.0.0/8", # localhost IPv4 range, per RFC-3330
"::1", # localhost IPv6 "::1", # localhost IPv6
"fc00::/7", # private IPv6 range fc00::/7 "fc00::/7", # private IPv6 range fc00::/7
"10.0.0.0/8", # private IPv4 range 10.x.x.x "10.0.0.0/8", # private IPv4 range 10.x.x.x