summaryrefslogtreecommitdiff
path: root/spec/initializers/trusted_proxies_spec.rb
diff options
context:
space:
mode:
authorStan Hu <stanhu@gmail.com>2016-07-23 21:01:23 -0700
committerStan Hu <stanhu@gmail.com>2016-07-23 21:06:19 -0700
commit8d73c7613178f5d46ff91a81f7783ca907deb64a (patch)
treeefdf5ed38e0d465b71127a09ed0e807f3b5b0cbb /spec/initializers/trusted_proxies_spec.rb
parent03738bdd48d64e30c068df54eaf7e44d21e3c9fa (diff)
downloadgitlab-ce-8d73c7613178f5d46ff91a81f7783ca907deb64a.tar.gz
Ignore invalid trusted proxies in X-Forwarded-For headerreject-invalid-trusted-proxies
Certain reverse proxies can send invalid IP addresses in the X-Forwarded-For header For example, Apache can send (null). Closes #20194
Diffstat (limited to 'spec/initializers/trusted_proxies_spec.rb')
-rw-r--r--spec/initializers/trusted_proxies_spec.rb6
1 files changed, 6 insertions, 0 deletions
diff --git a/spec/initializers/trusted_proxies_spec.rb b/spec/initializers/trusted_proxies_spec.rb
index 14c8df954a6..52d5a7dffc9 100644
--- a/spec/initializers/trusted_proxies_spec.rb
+++ b/spec/initializers/trusted_proxies_spec.rb
@@ -17,6 +17,12 @@ describe 'trusted_proxies', lib: true do
expect(request.remote_ip).to eq('10.1.5.89')
expect(request.ip).to eq('10.1.5.89')
end
+
+ it 'filters out bad values' do
+ request = stub_request('HTTP_X_FORWARDED_FOR' => '(null), 10.1.5.89')
+ expect(request.remote_ip).to eq('10.1.5.89')
+ expect(request.ip).to eq('10.1.5.89')
+ end
end
context 'with private IP ranges added' do