Don’t ignore X-Forwarded-For IPs with ports attached (again)
Created by: ybiquitous
Motivation / Background
This Pull Request has been created because I'd like to merge #39134 again, which was reverted due to Rack versions compatibility.
Detail
This Pull Request doesn't ignore X-Forwarded-For IPs with ports attached, e.g. 3.4.5.6:1234
or [fe80:0000:0000:0000:0202:b3ff:fe1e:8329]:3000
, in the ActionDispatch::RemoteIp
middleware. For details, see the description in #39134 (thanks to @duncanjbrown).
I've cherry-picked the commit https://github.com/rails/rails/pull/39134/commits/c2077c850715b359a24a6b083d2e042565587c52 and modified partially for the latest Rails code (added a test case for IPv6, too).
Additional information
I believe there is no longer a compatibility issue because:
- the latest
actionpack
gem requires Rack 2.2.4 or later, https://github.com/rails/rails/blob/bbc6230ae7a708750a9bc14102bd4627ba85cd1a/actionpack/actionpack.gemspec#L40 - Rack 2.2.x series have supported the
Rack::Request#forwarded_for
API: https://github.com/rack/rack/blob/v2.2.1/lib/rack/request.rb#L330
Checklist
Before submitting the PR make sure the following are checked:
-
This Pull Request is related to one change. Changes that are unrelated should be opened in separate PRs. -
Commit message has a detailed description of what changed and why. If this PR fixes a related issue include it in the commit message. Ex: [Fix #issue-number]
-
Tests are added or updated if you fix a bug or add a feature. -
CHANGELOG files are updated for the changed libraries if there is a behavior change or additional feature. Minor bug fixes and documentation changes should not be included.