We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent 9031a44 commit 580b271Copy full SHA for 580b271
rack-protection/lib/rack/protection/ip_spoofing.rb
@@ -13,9 +13,11 @@ class IPSpoofing < Base
13
14
def accepts?(env)
15
return true unless env.include? 'HTTP_X_FORWARDED_FOR'
16
- ips = env['HTTP_X_FORWARDED_FOR'].split(/\s*,\s*/)
17
- return false if env.include? 'HTTP_CLIENT_IP' and not ips.include? env['HTTP_CLIENT_IP']
18
- return false if env.include? 'HTTP_X_REAL_IP' and not ips.include? env['HTTP_X_REAL_IP']
+
+ ips = env['HTTP_X_FORWARDED_FOR'].split(',').map(&:strip)
+ return false if env.include?('HTTP_CLIENT_IP') && (!ips.include? env['HTTP_CLIENT_IP'])
19
+ return false if env.include?('HTTP_X_REAL_IP') && (!ips.include? env['HTTP_X_REAL_IP'])
20
21
true
22
end
23
0 commit comments