kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity
rails--rails/actionpack/test
History
Matthew Draper d160a8d637 When all IPs are trusted, use the furthest away 
Scenario: we have a REMOTE_ADDR of `127.0.0.1`, and X-Forwarded-For is
`A, B, C`.

Without any relevant trust, the `remote_ip` is `C`.

If `C` is trusted, then the `remote_ip` is `B`.

If `B` and `C` are trusted, then the `remote_ip` is `A`.

If all of `A`, `B`, and `C` are trusted, then the `remote_ip` should
still be `A`: if our trust was sufficient to get that far out before,
trusting something else should not have us fall back to `127.0.0.1`.

It is this last situation that we're correcting here:

We trust `A` to give us accurate X-Forwarded-For information, yet it has
chosen to leave it unset. Therefore, `A` is telling us that it is itself
the client.
2020-01-03 09:03:23 -05:00
..
abstract
assertions
controller Merge pull request #38139 from roramirez/log-for-no-exten 2020-01-02 20:22:00 -03:00
dispatch When all IPs are trusted, use the furthest away 2020-01-03 09:03:23 -05:00
fixtures
journey Enable Layout/EmptyLinesAroundAccessModifier cop 2019-06-13 12:00:45 +09:00
lib Render objects that respond_to render_in in controllers 2019-12-09 16:43:18 -07:00
routing
abstract_unit.rb Remove ENV['TRAVIS'] 2020-01-02 09:23:06 +09:00