Merge lp:~gesha/linaro-license-protection/remove-x-forwarded-for into lp:~linaro-automation/linaro-license-protection/trunk

Proposed by Georgy Redkozubov
Status: Merged
Approved by: Данило Шеган
Approved revision: 125
Merged at revision: 125
Proposed branch: lp:~gesha/linaro-license-protection/remove-x-forwarded-for
Merge into: lp:~linaro-automation/linaro-license-protection/trunk
Diff against target: 37 lines (+1/-17)
2 files modified
license_protected_downloads/tests/test_views.py (+0/-12)
license_protected_downloads/views.py (+1/-5)
To merge this branch: bzr merge lp:~gesha/linaro-license-protection/remove-x-forwarded-for
Reviewer Review Type Date Requested Status
Данило Шеган (community) Approve
Review via email: mp+122021@code.launchpad.net

Description of the change

This branch removes X-FORWARDED-FOR support since it is easy to spoof even with wget.

Данило Шеган (danilo) wrote :

Looks good, thanks.

review: Approve

Preview Diff

=== modified file 'license_protected_downloads/tests/test_views.py'
--- license_protected_downloads/tests/test_views.py 2012-08-28 17:15:06 +0000
+++ license_protected_downloads/tests/test_views.py 2012-08-30 10:04:18 +0000
@@ -353,18 +353,6 @@
353 r'lp:linaro-license-protection</a> r' +353 r'lp:linaro-license-protection</a> r' +
354 str(bzr_version.get_my_bzr_revno())))354 str(bzr_version.get_my_bzr_revno())))
355355
356 def test_exception_ip_x_forwarded_for(self):
357 internal_host = INTERNAL_HOSTS[0]
358 target_file = 'build-info/origen-blob.txt'
359 url = urlparse.urljoin("http://testserver/", target_file)
360 response = self.client.get(url, follow=True,
361 HTTP_X_FORWARDED_FOR=internal_host)
362
363 # If we have access to the file, we will get an X-Sendfile response
364 self.assertEqual(response.status_code, 200)
365 file_path = os.path.join(TESTSERVER_ROOT, target_file)
366 self.assertEqual(response['X-Sendfile'], file_path)
367
368 def test_exception_ip_remote_addr(self):356 def test_exception_ip_remote_addr(self):
369 internal_host = INTERNAL_HOSTS[0]357 internal_host = INTERNAL_HOSTS[0]
370 target_file = 'build-info/origen-blob.txt'358 target_file = 'build-info/origen-blob.txt'
371359
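Review bot: Deleting test_exception_ip_x_forwarded_for outright leaves the new behaviour untested; nothing in this hunk asserts that a request carrying HTTP_X_FORWARDED_FOR=internal_host is now ignored for the internal-host exception. Consider keeping the test and inverting it: send the header with an INTERNAL_HOSTS address while REMOTE_ADDR is an address outside INTERNAL_HOSTS, and assert that the response does not carry the X-Sendfile header for target_file. That pins down the spoofing case named in the description and would fail if the header check were ever reintroduced.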
=== modified file 'license_protected_downloads/views.py'
--- license_protected_downloads/views.py 2012-08-28 17:15:06 +0000
+++ license_protected_downloads/views.py 2012-08-30 10:04:18 +0000
@@ -232,11 +232,7 @@
232232
233233
234def get_client_ip(request):234def get_client_ip(request):
235 x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')235 ip = request.META.get('REMOTE_ADDR')
236 if x_forwarded_for:
237 ip = x_forwarded_for.split(',')[-1].strip()
238 else:
239 ip = request.META.get('REMOTE_ADDR')
240 return ip236 return ip
241237
242238
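Review bot: get_client_ip() in views.py now reads only REMOTE_ADDR but has no docstring or comment saying why, so the deployment assumption behind it is not recorded. If the application is ever served behind a reverse proxy, REMOTE_ADDR will be the proxy's address for every request and the internal-host check would treat all clients alike; a short docstring stating that X-Forwarded-For is deliberately ignored because the client can set it, and that REMOTE_ADDR must be the real peer address, would keep someone from restoring the split(',')[-1] logic later. Also, request.META.get('REMOTE_ADDR') returns None when the key is absent, so whatever compares the result against INTERNAL_HOSTS should be checked for that case. With the body reduced to one lookup, the intermediate ip variable could go and the function could be a single return request.META.get('REMOTE_ADDR').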
