debian-mirror-gitlab/config/initializers/trusted_proxies.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

36 lines
1.2 KiB
Ruby
Raw Permalink Normal View History

2021-03-11 19:13:27 +05:30
# frozen_string_literal: true
2016-08-24 12:49:21 +05:30
# Override Rack::Request to make use of the same list of trusted_proxies
# as the ActionDispatch::Request object. This is necessary for libraries
# like rack_attack where they don't use ActionDispatch, and we want them
# to block/throttle requests on private networks.
2018-03-17 18:26:18 +05:30
# Rack Attack specific issue: https://github.com/kickstarter/rack-attack/issues/145
2016-08-24 12:49:21 +05:30
module Rack
class Request
def trusted_proxy?(ip)
Rails.application.config.action_dispatch.trusted_proxies.any? { |proxy| proxy === ip }
rescue IPAddr::InvalidAddressError
false
end
end
end
gitlab_trusted_proxies = Array(Gitlab.config.gitlab.trusted_proxies).map do |proxy|
2019-07-07 11:18:12 +05:30
IPAddr.new(proxy)
2021-04-29 21:17:54 +05:30
rescue IPAddr::InvalidAddressError
2016-08-24 12:49:21 +05:30
end.compact
2016-06-02 11:05:42 +05:30
Rails.application.config.action_dispatch.trusted_proxies = (
2017-08-17 22:00:37 +05:30
['127.0.0.1', '::1'] + gitlab_trusted_proxies)
2018-10-15 14:42:47 +05:30
# A monkey patch to make trusted proxies work with Rails 5.0.
# Inspired by https://github.com/rails/rails/issues/5223#issuecomment-263778719
# Remove this monkey patch when upstream is fixed.
2019-02-15 15:39:39 +05:30
module TrustedProxyMonkeyPatch
def ip
@ip ||= (get_header("action_dispatch.remote_ip") || super).to_s
2018-10-15 14:42:47 +05:30
end
end
2019-02-15 15:39:39 +05:30
2021-03-08 18:12:59 +05:30
ActionDispatch::Request.include TrustedProxyMonkeyPatch