Hi Rails Core! While adding a reverse proxy to a Rails 4 app, I was surprised to see that `request.ip` and `request.remote_ip` had different values.
That's a gotcha that I'd like to fix. Here's a demo app <https://github.com/ktheory/rails_remote_ip_demo> showing how `Client-IP` and `X-Forwarded-For` headers values that yield different results. The difference stems from `ActionDispatch::Request#remote_ip`<https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/http/request.rb#L212-L215>being more strict about trusted proxies than `Rack::Requests#ip`<https://github.com/rack/rack/blob/b2e074c43331dcc567d7ab64e7b8cd6013ff012f/lib/rack/request.rb#L348-L363> . I'd like to clean up the inconsistencies, and am looking for a +1 before making a pull request. Here are some of the changes I'd like to make: 1. Make `ActionDispatch::Request#remote_ip` an alias for `#ip`. Eliminate the developer gotcha. 2. Move Rails' customizations in the ActionDispatch::Request subclass to a mixin for Rack::Request. That eliminates developer gotchas if they use a Rack::Request instead of an ActionDispatch::Request. 3. Add hooks for extending the logic to calculate IP addresses for easier developer customization. 4. Get rid of `ActionDispatch::RemoteIp` middleware<https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/middleware/remote_ip.rb>. It's no longer needed when all the code to calculate IP addresses lives in Request objects. Of course I'd maintain backwards compatibility (e.g. config like `action_dispatch.trusted_proxies`). I couldn't find any documentation about why `remote_ip` and `ip` would be different. I assume the only reason two different methods exists is b/c Rails' `requests.remote_ip` method pre-dates Rack and `Rack::Request#ip`. Feedback welcome! Aaron Suggs Operations Engineer, Kickstarter -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/rubyonrails-core. For more options, visit https://groups.google.com/d/optout.
