rack 2.2.0 → 2.2.1
Potentially problematic release.
This version of rack might be problematic.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -1
- data/SPEC.rdoc +5 -9
- data/lib/rack/request.rb +17 -7
- data/lib/rack/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ecd99d8eb4cb36d36f656ff9f0d688f5e97cfc9c219ea61daf75cc11c5b213fe
|
4
|
+
data.tar.gz: d61d3ae82e127877da8629b4d8f36fb8007b51793589c864f9632aed55bdc5fd
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4e2b43fae3062393ce93b0a9624177551a5aca4cb537203a99245b37ad97417f7f4e5d593ace93068cda6b8cce5fb111496caf46af90ff4ab16082b1d6927bd0
|
7
|
+
data.tar.gz: 43f899d6905c51240e5b2ba429818a025596a0a7cdb7b447a3f2760c8af50999387d7f198e7a553befd82eb66784e16ad6cb8f6720e300904388fb07b6365917
|
data/CHANGELOG.md
CHANGED
@@ -2,7 +2,13 @@
|
|
2
2
|
|
3
3
|
All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
|
4
4
|
|
5
|
-
##
|
5
|
+
## [2.2.1] - 2020-02-09
|
6
|
+
|
7
|
+
### Fixed
|
8
|
+
|
9
|
+
- Rework `Rack::Request#ip` to handle empty `forwarded_for`. ([#1577](https://github.com/rack/rack/pull/1577), [@ioquatix](https://github.com/ioquatix))
|
10
|
+
|
11
|
+
## [2.2.0] - 2020-02-08
|
6
12
|
|
7
13
|
### SPEC Changes
|
8
14
|
|
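Review bot: The `## [2.2.1]` section records only the `Rack::Request#ip` fix under `### Fixed`, but the file list for this release also shows `data/SPEC.rdoc +5 -9`. Add a `### SPEC Changes` entry, as the 2.2.0 section directly below already has, so that server authors can find the reworded `SERVER_NAME`/`SERVER_PORT` requirement and the removed `SERVER_PORT`, `SERVER_NAME` and `HTTP_HOST` sentences from the changelog alone.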
data/SPEC.rdoc
CHANGED
@@ -42,18 +42,17 @@ below.
|
|
42
42
|
<tt>QUERY_STRING</tt>:: The portion of the request URL that
|
43
43
|
follows the <tt>?</tt>, if any. May be
|
44
44
|
empty, but is always required!
|
45
|
-
<tt>SERVER_NAME</tt
|
45
|
+
<tt>SERVER_NAME</tt>, <tt>SERVER_PORT</tt>::
|
46
|
+
When combined with <tt>SCRIPT_NAME</tt> and
|
46
47
|
<tt>PATH_INFO</tt>, these variables can be
|
47
48
|
used to complete the URL. Note, however,
|
48
49
|
that <tt>HTTP_HOST</tt>, if present,
|
49
50
|
should be used in preference to
|
50
51
|
<tt>SERVER_NAME</tt> for reconstructing
|
51
52
|
the request URL.
|
52
|
-
<tt>SERVER_NAME</tt>
|
53
|
-
|
54
|
-
|
55
|
-
server is running on. Should be specified if
|
56
|
-
the server is running on a non-standard port.
|
53
|
+
<tt>SERVER_NAME</tt> and <tt>SERVER_PORT</tt>
|
54
|
+
can never be empty strings, and so
|
55
|
+
are always required.
|
57
56
|
<tt>HTTP_</tt> Variables:: Variables corresponding to the
|
58
57
|
client-supplied HTTP request
|
59
58
|
headers (i.e., variables whose
|
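Review bot: The merged `SERVER_NAME`, `SERVER_PORT` entry now ends with "can never be empty strings, and so are always required", which states the requirement but no longer says what either variable holds; the removed lines described the port the server is running on. Keep a one-line description of each variable (host name, port) next to the requirement so the entry stays self-contained, and reword "and so" since being non-empty does not by itself explain why the keys are required.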
@@ -123,9 +122,6 @@ and should be prefixed uniquely. The prefix rack.
|
|
123
122
|
is reserved for use with the Rack core distribution and other
|
124
123
|
accepted specifications and must not be used otherwise.
|
125
124
|
|
126
|
-
The <tt>SERVER_PORT</tt> must be an Integer if set.
|
127
|
-
The <tt>SERVER_NAME</tt> must be a valid authority as defined by RFC7540.
|
128
|
-
The <tt>HTTP_HOST</tt> must be a valid authority as defined by RFC7540.
|
129
125
|
The environment must not contain the keys
|
130
126
|
<tt>HTTP_CONTENT_TYPE</tt> or <tt>HTTP_CONTENT_LENGTH</tt>
|
131
127
|
(use the versions without <tt>HTTP_</tt>).
|
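Review bot: Dropping the three sentences after "must not be used otherwise" leaves the spec with no stated format for `SERVER_PORT`, `SERVER_NAME` or `HTTP_HOST`, while the earlier entry still tells applications to prefer `HTTP_HOST` when reconstructing the request URL. If the constraints are removed on purpose, say so here and add a sentence that `HTTP_HOST` is one of the client-supplied `HTTP_` variables, so applications must validate it themselves before using it in generated URLs.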
data/lib/rack/request.rb
CHANGED
@@ -352,16 +352,26 @@ module Rack
|
|
352
352
|
end
|
353
353
|
|
354
354
|
def ip
|
355
|
-
|
356
|
-
|
355
|
+
remote_addresses = split_header(get_header('REMOTE_ADDR'))
|
356
|
+
external_addresses = reject_trusted_ip_addresses(remote_addresses)
|
357
357
|
|
358
|
-
|
359
|
-
|
360
|
-
|
361
|
-
forwarded_ips = self.forwarded_for
|
358
|
+
unless external_addresses.empty?
|
359
|
+
return external_addresses.first
|
360
|
+
end
|
362
361
|
|
363
|
-
|
362
|
+
if forwarded_for = self.forwarded_for
|
363
|
+
unless forwarded_for.empty?
|
364
|
+
# The forwarded for addresses are ordered: client, proxy1, proxy2.
|
365
|
+
# So we reject all the trusted addresses (proxy*) and return the
|
366
|
+
# last client. Or if we trust everyone, we just return the first
|
367
|
+
# address.
|
368
|
+
return reject_trusted_ip_addresses(forwarded_for).last || forwarded_for.first
|
369
|
+
end
|
364
370
|
end
|
371
|
+
|
372
|
+
# If all the addresses are trusted, and we aren't forwarded, just return
|
373
|
+
# the first remote address, which represents the source of the request.
|
374
|
+
remote_addresses.first
|
365
375
|
end
|
366
376
|
|
367
377
|
# The media type (type/subtype) portion of the CONTENT_TYPE header
|
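Review bot: The final `remote_addresses.first` in `ip` is reached both when every address is trusted and when `REMOTE_ADDR` produced no addresses, so if `split_header` returns an empty list for a missing header the method returns nil; document that return value in the method comment or add an explicit guard, since callers often use `ip` for logging and rate limiting. As a style point, `if forwarded_for = self.forwarded_for` followed by `unless forwarded_for.empty?` nests two conditions and assigns inside the condition; a single guard on a local assigned beforehand reads more clearly and avoids shadowing the `forwarded_for` method.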
data/lib/rack/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rack
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.2.
|
4
|
+
version: 2.2.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Leah Neukirchen
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-02-
|
11
|
+
date: 2020-02-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: minitest
|
@@ -184,7 +184,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
184
184
|
- !ruby/object:Gem::Version
|
185
185
|
version: '0'
|
186
186
|
requirements: []
|
187
|
-
rubygems_version: 3.
|
187
|
+
rubygems_version: 3.0.6
|
188
188
|
signing_key:
|
189
189
|
specification_version: 4
|
190
190
|
summary: A modular Ruby webserver interface.
|