
fix(api): fix django source of remote IP

In accordance with the nginx default uwsgi parameters, we cannot
trust the X-Forwarded-For HTTP header field. However, nginx uwsgi
parameters guarantee that the uwsgi REMOTE_ADDR field contains
the IP that is talking to nginx.

State prior to this commit compromises the abuse checks that are
conducted relying on the remote IP address.

This closes nils-wisiol/desec-internal#8.
Nils Wisiol 8 years ago
parent
commit
ecee5025f3
1 changed file with 1 addition and 6 deletions
api/desecapi/views.py

@@ -29,12 +29,7 @@ from desecapi.emails import send_account_lock_email
 
 
 def get_client_ip(request):
-    x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
-    if x_forwarded_for:
-        ip = x_forwarded_for.split(',')[0]
-    else:
-        ip = request.META.get('REMOTE_ADDR')
-    return ip
+    return request.META.get('REMOTE_ADDR')
 
 
 class DomainList(generics.ListCreateAPIView):
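
Review bot: the new one-line body of `get_client_ip` has no docstring or comment recording why `HTTP_X_FORWARDED_FOR` is no longer consulted; the reasoning (the header is supplied by the client, while nginx's uwsgi parameters set `REMOTE_ADDR` to the peer that is talking to nginx) exists only in the commit message. Suggest a short docstring stating that deployment assumption, so that a later change which puts another proxy in front of nginx does not quietly make the abuse checks see a single address for every client, and so that nobody reintroduces the header lookup without a trusted-proxy check. Also note that `request.META.get('REMOTE_ADDR')` returns `None` when the key is absent; the callers that rely on this value for abuse checks should handle that case explicitly rather than treating `None` as one shared client.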