There is a bug in trusted proxies: https://github.com/rails/rails/issues/5223
This commit adds a monkey patch to fix the bug.
Example of errors:
```
1) trusted_proxies with default config preserves private IPs
Failure/Error: expect(request.ip).to eq('10.1.5.89')
expected: "10.1.5.89"
got: nil
(compared using ==)
# ./spec/initializers/trusted_proxies_spec.rb:12:in `block (3 levels) in <top (required)>'
2) trusted_proxies with default config filters out localhost
Failure/Error: expect(request.ip).to eq('10.1.5.89')
expected: "10.1.5.89"
got: "1.1.1.1"
(compared using ==)
# ./spec/initializers/trusted_proxies_spec.rb:18:in `block (3 levels) in <top (required)>'
```
This allows us to control the trusted proxies while deployed in a private network. Normally Rack::Request will trust all private IPs as trusted proxies, which can caue problems if your users are connection on you network via private IP ranges.
Normally in a rails app this is handled by action_dispatch request, but rack_attack is specifically using the Rack::Request object instead.
GitLab Bot