TEST_CODEOWNERS/rails
3
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Explain the possible precautions

Browse Source
This commit is contained in:
Andre Arko 2013-01-02 15:34:27 -08:00
parent c79fb2ac8f
commit cc5a4bb4df
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
actionpack/lib/action_dispatch/middleware/remote_ip.rb
View File

@ -17,9 +17,10 @@ module ActionDispatch
# IF YOU DON'T USE A PROXY, THIS MAKES YOU VULNERABLE TO IP SPOOFING.
# This middleware assumes that there is at least one proxy sitting around
# and setting headers with the client's remote IP address. If you don't use
# a proxy, because you are hosted on e.g. Heroku, any client can claim to
# have any IP address by setting the X-Forwarded-For header. If you care
# about that, please take precautions.
# a proxy, because you are hosted on e.g. Heroku without SSL, any client can
# claim to have any IP address by setting the X-Forwarded-For header. If you
# care about that, then you need to explicitly drop or ignore those headers
# sometime before this middleware runs.
class RemoteIp
class IpSpoofAttackError < StandardError; end