aboutsummaryrefslogtreecommitdiff
path: root/license_protected_downloads
diff options
context:
space:
mode:
authorGeorgy Redkozubov <georgy.redkozubov@linaro.org>2012-08-30 13:44:29 +0400
committerGeorgy Redkozubov <georgy.redkozubov@linaro.org>2012-08-30 13:44:29 +0400
commit7e1c324ef0fc1edc8148a89ce720f8fd91d070a4 (patch)
treed5c394d3a6ec950b5d684f2f14cca4b419ebc27e /license_protected_downloads
parent383714e137aa523f594eedd35b8edd59f7d353ed (diff)
Removed X-FORWARDED-FOR header support since it is easy to spoof.
Diffstat (limited to 'license_protected_downloads')
-rw-r--r--license_protected_downloads/tests/test_views.py12
-rw-r--r--license_protected_downloads/views.py6
2 files changed, 1 insertions, 17 deletions
diff --git a/license_protected_downloads/tests/test_views.py b/license_protected_downloads/tests/test_views.py
index 4178497..1f246c5 100644
--- a/license_protected_downloads/tests/test_views.py
+++ b/license_protected_downloads/tests/test_views.py
@@ -353,18 +353,6 @@ class ViewTests(TestCase):
r'lp:linaro-license-protection</a> r' +
str(bzr_version.get_my_bzr_revno())))
- def test_exception_ip_x_forwarded_for(self):
- internal_host = INTERNAL_HOSTS[0]
- target_file = 'build-info/origen-blob.txt'
- url = urlparse.urljoin("http://testserver/", target_file)
- response = self.client.get(url, follow=True,
- HTTP_X_FORWARDED_FOR=internal_host)
-
- # If we have access to the file, we will get an X-Sendfile response
- self.assertEqual(response.status_code, 200)
- file_path = os.path.join(TESTSERVER_ROOT, target_file)
- self.assertEqual(response['X-Sendfile'], file_path)
-
def test_exception_ip_remote_addr(self):
internal_host = INTERNAL_HOSTS[0]
target_file = 'build-info/origen-blob.txt'
diff --git a/license_protected_downloads/views.py b/license_protected_downloads/views.py
index e348c53..4d0a909 100644
--- a/license_protected_downloads/views.py
+++ b/license_protected_downloads/views.py
@@ -232,11 +232,7 @@ def is_protected(path):
def get_client_ip(request):
- x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
- if x_forwarded_for:
- ip = x_forwarded_for.split(',')[-1].strip()
- else:
- ip = request.META.get('REMOTE_ADDR')
+ ip = request.META.get('REMOTE_ADDR')
return ip
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-28 17:02:32 +0000