Comments (13)
I’ll look into that later today.
from agoo.
Great, I'll add a few tests more tests and release.
from agoo.
UPDATE: I've double-checked, and authentication actually works on production, because Rack is also trying to fetch the request.ip from the HTTP_X_FORWARDED_FOR, which, as I understand, is provided by nginx or whatever server stays in front of Heroku instance with Agoo and Rails.
Still a problem in the development
, or any other environment not providing HTTP_X_FORWARDED_FOR.
from agoo.
I could not find any mention of REMOTE_ADDR in the Rack spec at https://github.com/rack/rack/blob/master/SPEC.rdoc. I have no problem adding something though if it is commonly used. Is there are definition somewhere on the rules for setting the value?
from agoo.
Yes, the rules are defined by the CGI RFC-3875 - https://tools.ietf.org/html/rfc3875#section-4.1.8
from agoo.
Also, here's a good SO response on the matter - https://stackoverflow.com/a/43014286/4812102
from agoo.
Great, thanks. That helps.
from agoo.
Interesting that REMOTE_ADDR
does not include the HTTP_
prefix as would be expected from the spec. I don't see any other special cases like that except for some RACK_
prefixed keys. Are you aware of any others that should be added? It also does not appear as if all the RFC 3875 environment variables are needed for the Rack::Request.
from agoo.
Yeah, this seems to be a special case, I am not aware of any other. As for the HTTP_
prefix, it is not very clear from the spec, but it seems it should not be applied to the explicitly listed in the spec variables. And, well, this spec is not a standard, as it is stated at the document start, but just a current practice
of CGI.
from agoo.
The 'remote-add' branch has a candidate fix to this issue. Please give it a try.
from agoo.
Great, works like a charm!
from agoo.
Released
from agoo.
Thank you very much, @ohler55 !! 👍
from agoo.
Related Issues (20)
- Fragment usage HOT 17
- CORS issues HOT 8
- Agoo dumps core on malformed SDL HOT 5
- fails to launch in clustered mode HOT 17
- Agoo Fragment Cycle Security Vulnerability HOT 2
- Disabling introspection for GraphQL HOT 12
- Changes on args or req does not get fowarded to the other calls HOT 9
- Static asset with space in filename HOT 4
- gem install agoo fails on MacOS Ventura 13.2.1 HOT 9
- Static .txt files are not served with utf-8 encoding HOT 8
- Agoo crash and exit HOT 7
- CLI options for SSL/TLS HOT 3
- localhost is crashing as bind address HOT 4
- 502 via nginx proxy_pass HOT 3
- TypeError: no implicit conversion of Array into String HOT 4
- rackup -r agoo -s agoo Doesn't Work HOT 8
- Out of curiousity would anything have been lost or gained by using ABI, or FFI, or *.SO over the current API method of directly calling in the Ruby C file headers? HOT 3
- root == '' gives access to the whole filesystem HOT 16
- Port cleanup on shutdown? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from agoo.