Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Remove rack_strip_client_ip middleware
This removes middleware that strips the Client-IP header from requests to prevent Rails from raising a "IpSpoofAttackError" exception. Removing this because it isn't needed, we are stripping the Client-IP header at the CDN level which should prevent this expection being raised anyway. If this header is being set else were in the request path, we should fix that instead of blindly stripping the header altogether. There is also a bug in the middleware, where it prevents previous middleware from receiving information from following middleware in the 'env' variable. This is because it creates a copy of env, which isn't returned to the calling middleware. This prevents middleware such as the prometheus exporter from generating correct metrics stats. https://github.com/alext/rack_strip_client_ip --- Details of the bug: Instead of editing the same env object it creates a copy using the "reject" method. This new copy is passed on to subsequent middleware, which means any changes to 'env' isn't available to previous middleware. https://github.com/alext/rack_strip_client_ip/blob/98029a661616b5a1091e6b822aed5b498a4e5d42/lib/rack_strip_client_ip/middleware.rb#LL14
- Loading branch information