From 2306e4906013c3f90684722ccc58d3c31bd4437e Mon Sep 17 00:00:00 2001
From: blackst0ne <blackst0ne.ru@gmail.com>
Date: Thu, 3 May 2018 20:14:20 +1100
Subject: [Rails5] Fix trusted proxies

There is a bug in trusted proxies: https://github.com/rails/rails/issues/5223
This commit adds a monkey patch to fix the bug.

Example of errors:

```
1) trusted_proxies with default config preserves private IPs
    Failure/Error: expect(request.ip).to eq('10.1.5.89')

      expected: "10.1.5.89"
          got: nil

      (compared using ==)
    # ./spec/initializers/trusted_proxies_spec.rb:12:in `block (3 levels) in <top (required)>'

2) trusted_proxies with default config filters out localhost
    Failure/Error: expect(request.ip).to eq('10.1.5.89')

      expected: "10.1.5.89"
          got: "1.1.1.1"

      (compared using ==)
    # ./spec/initializers/trusted_proxies_spec.rb:18:in `block (3 levels) in <top (required)>'
```
---
 config/initializers/trusted_proxies.rb | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/config/initializers/trusted_proxies.rb b/config/initializers/trusted_proxies.rb
index 0c32528311e..ca2eed664ed 100644
--- a/config/initializers/trusted_proxies.rb
+++ b/config/initializers/trusted_proxies.rb
@@ -22,3 +22,16 @@ end.compact
 
 Rails.application.config.action_dispatch.trusted_proxies = (
   ['127.0.0.1', '::1'] + gitlab_trusted_proxies)
+
+# A monkey patch to make trusted proxies work with Rails 5.0.
+# Inspired by https://github.com/rails/rails/issues/5223#issuecomment-263778719
+# Remove this monkey patch when upstream is fixed.
+if Gitlab.rails5?
+  module TrustedProxyMonkeyPatch
+    def ip
+      @ip ||= (get_header("action_dispatch.remote_ip") || super).to_s
+    end
+  end
+
+  ActionDispatch::Request.send(:include, TrustedProxyMonkeyPatch)
+end
-- 
cgit v1.2.3