Fix for ticket #904 - Addition of get_claimed_ip() to HTTPRequest #1051
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…equest As per ticket description of ticket tornadoweb#904, a method to return the first public IP address from X-Forwarded-For should be implemented. This update contains the below changes: 1. In tornado/httpserver.py HTTPRequest.get_claimed_ip() is implemented which simply returns remote_ip 2. In tornado/test/httpserver_test.py The test for verifying ip_headers already existed in XHeaders. I simply modified the internal class Handler to retrieve the output of get_claimed_ip from the request messge and write it to the dictionary. The same tests that were written for verifying ip_headers have been re-used except that they now check that remote ip equals claimed_ip
|
get_claimed_ip should not simply return request.remote_ip. When a multi-valued X-Forwarded-For header is present, remote_ip should be the last value in the header, and get_claimed_ip should be the first non-private address (i.e. excluding the rfc 1918 blocks and 127/8), with analogous logic for the other xheaders (but simpler since X-Forwarded-For is the only one that takes multiple values). We may even want to interpret X-Forwarded-For for purposes of get_claimed_ip even when xheaders is disabled. |
|
Closing due to inactivity. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As per ticket description of ticket #904, a method to return the first
public IP address from X-Forwarded-For should be implemented. This
update contains the below changes:
HTTPRequest.get_claimed_ip() is implemented which simply returns
remote_ip
The test for verifying ip_headers already existed in XHeaders. I simply
modified the internal class Handler to retrieve the output of
get_claimed_ip from the request messge and write it to the dictionary.
The same tests that were written for verifying ip_headers have been
re-used except that they now check that remote ip equals claimed_ip