lib/action_dispatch/middleware/remote_ip.rb in actionpack-6.1.7.10 vs lib/action_dispatch/middleware/remote_ip.rb in actionpack-7.0.0.alpha1

- old
+ new

@@ -49,14 +49,12 @@ # is raised if it looks like the client is trying to lie about its own IP # address. It makes sense to turn off this check on sites aimed at non-IP # clients (like WAP devices), or behind proxies that set headers in an # incorrect or confusing way (like AWS ELB). # - # The +custom_proxies+ argument can take an Array of string, IPAddr, or - # Regexp objects which will be used instead of +TRUSTED_PROXIES+. If a - # single string, IPAddr, or Regexp object is provided, it will be used in - # addition to +TRUSTED_PROXIES+. Any proxy setup will put the value you + # The +custom_proxies+ argument can take an enumerable which will be used + # instead of +TRUSTED_PROXIES+. Any proxy setup will put the value you # want in the middle (or at the beginning) of the X-Forwarded-For list, # with your proxy servers after it. If your proxies aren't removed, pass # them in via the +custom_proxies+ parameter. That way, the middleware will # ignore those IP addresses, and return the one that you want. def initialize(app, ip_spoofing_check = true, custom_proxies = nil) @@ -65,9 +63,23 @@ @proxies = if custom_proxies.blank? TRUSTED_PROXIES elsif custom_proxies.respond_to?(:any?) custom_proxies else + ActiveSupport::Deprecation.warn(<<~EOM) + Setting config.action_dispatch.trusted_proxies to a single value has + been deprecated. Please set this to an enumerable instead. For + example, instead of: + + config.action_dispatch.trusted_proxies = IPAddr.new("10.0.0.0/8") + + Wrap the value in an Array: + + config.action_dispatch.trusted_proxies = [IPAddr.new("10.0.0.0/8")] + + Note that unlike passing a single argument, passing an enumerable + will *replace* the default set of trusted proxies. + EOM Array(custom_proxies) + TRUSTED_PROXIES end end # Since the IP address may not be needed, we store the object here