Commit d03b7bb1 authored by Stan Hu's avatar Stan Hu
Browse files

Properly handle multiple X-Forwarded-For addresses in runner IP extracted
the X-Forwarded-For address directly, but this didn't consider the case
where multiple proxies are in the chain. To fix this, we use the Rails
implementation to filter trusted proxies, as documented by Grape:

parent c44c83c4
title: Properly handle multiple X-Forwarded-For addresses in runner IP
merge_request: 25511
type: fixed
......@@ -26,7 +26,7 @@ def get_runner_details_from_request
def get_runner_ip
{ ip_address: request.env["HTTP_X_FORWARDED_FOR"] || request.ip }
{ ip_address: env["action_dispatch.remote_ip"].to_s || request.ip }
def current_runner
......@@ -526,6 +526,15 @@
expect(runner.reload.ip_address).to eq('')
it "handles multiple X-Forwarded-For addresses" do
post api('/jobs/request'),
params: { token: runner.token },
headers: { 'User-Agent' => user_agent, 'X-Forwarded-For' => ',' }
expect(response).to have_gitlab_http_status 201
expect(runner.reload.ip_address).to eq('')
context 'when concurrently updating a job' do
before do
expect_any_instance_of(Ci::Build).to receive(:run!)
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment