diff options
| -rw-r--r-- | app/controllers/application_controller.rb | 6 | ||||
| -rw-r--r-- | spec/integration/ip_spoofing_spec.rb | 11 |
2 files changed, 16 insertions, 1 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index ba086cfa3..78a82316a 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -432,7 +432,11 @@ class ApplicationController < ActionController::Base def country_from_ip country = "" if !AlaveteliConfiguration::gaze_url.empty? - country = quietly_try_to_open("#{AlaveteliConfiguration::gaze_url}/gaze-rest?f=get_country_from_ip;ip=#{request.remote_ip}") + begin + country = quietly_try_to_open("#{AlaveteliConfiguration::gaze_url}/gaze-rest?f=get_country_from_ip;ip=#{request.remote_ip}") + rescue ActionDispatch::RemoteIp::IpSpoofAttackError + country = AlaveteliConfiguration::iso_country_code + end end country = AlaveteliConfiguration::iso_country_code if country.empty? return country diff --git a/spec/integration/ip_spoofing_spec.rb b/spec/integration/ip_spoofing_spec.rb new file mode 100644 index 000000000..073f71ad6 --- /dev/null +++ b/spec/integration/ip_spoofing_spec.rb @@ -0,0 +1,11 @@ +require File.expand_path(File.dirname(__FILE__) + '/../spec_helper') + +describe 'when getting a country message' do + + it 'should not raise an IP spoofing error when given mismatched headers' do + get '/country_message', nil, { 'HTTP_X_FORWARDED_FOR' => '1.2.3.4', + 'HTTP_CLIENT_IP' => '5.5.5.5' } + response.status.should == 200 + end + +end |