diff options
author | Georgy Redkozubov <georgy.redkozubov@linaro.org> | 2012-08-30 13:44:29 +0400 |
---|---|---|
committer | Georgy Redkozubov <georgy.redkozubov@linaro.org> | 2012-08-30 13:44:29 +0400 |
commit | 7e1c324ef0fc1edc8148a89ce720f8fd91d070a4 (patch) | |
tree | d5c394d3a6ec950b5d684f2f14cca4b419ebc27e /license_protected_downloads | |
parent | 383714e137aa523f594eedd35b8edd59f7d353ed (diff) |
Removed X-FORWARDED-FOR header support since it is easy to spoof.
Diffstat (limited to 'license_protected_downloads')
-rw-r--r-- | license_protected_downloads/tests/test_views.py | 12 | ||||
-rw-r--r-- | license_protected_downloads/views.py | 6 |
2 files changed, 1 insertions, 17 deletions
diff --git a/license_protected_downloads/tests/test_views.py b/license_protected_downloads/tests/test_views.py index 4178497..1f246c5 100644 --- a/license_protected_downloads/tests/test_views.py +++ b/license_protected_downloads/tests/test_views.py @@ -353,18 +353,6 @@ class ViewTests(TestCase): r'lp:linaro-license-protection</a> r' + str(bzr_version.get_my_bzr_revno()))) - def test_exception_ip_x_forwarded_for(self): - internal_host = INTERNAL_HOSTS[0] - target_file = 'build-info/origen-blob.txt' - url = urlparse.urljoin("http://testserver/", target_file) - response = self.client.get(url, follow=True, - HTTP_X_FORWARDED_FOR=internal_host) - - # If we have access to the file, we will get an X-Sendfile response - self.assertEqual(response.status_code, 200) - file_path = os.path.join(TESTSERVER_ROOT, target_file) - self.assertEqual(response['X-Sendfile'], file_path) - def test_exception_ip_remote_addr(self): internal_host = INTERNAL_HOSTS[0] target_file = 'build-info/origen-blob.txt' diff --git a/license_protected_downloads/views.py b/license_protected_downloads/views.py index e348c53..4d0a909 100644 --- a/license_protected_downloads/views.py +++ b/license_protected_downloads/views.py @@ -232,11 +232,7 @@ def is_protected(path): def get_client_ip(request): - x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR') - if x_forwarded_for: - ip = x_forwarded_for.split(',')[-1].strip() - else: - ip = request.META.get('REMOTE_ADDR') + ip = request.META.get('REMOTE_ADDR') return ip |