2 changed files with 11 additions and 4 deletions
+ 7
- 0
defaults.yml
View File
| @@ -73,6 +73,13 @@ rophako: | |||
| # Password strength: number of iterations for bcrypt password. | |||
| bcrypt_iterations: 12 | |||
| # Proxy support. If you *KNOW* your web app will be behind a trusted proxy, | |||
| # such as a load balancer, you can make the app accept the X-Forwarded-For | |||
| # header to provide the user's real IP address. Do NOT set this if you are | |||
| # not behind a proxy, otherwise a malicious user could "spoof" their address | |||
| # by using this header. | |||
| use_forwarded_for: false | |||
| ### | |||
| # Mail Settings | |||
| ### | |||
+ 4
- 4
rophako/utils.py
View File
| @@ -286,10 +286,10 @@ def include(endpoint, *args, **kwargs): | |||
| def remote_addr(): | |||
| """Retrieve the end user's remote IP address.""" | |||
| # TODO: eventually support configurations with X-Forwarded-For, but for | |||
| # now at least we're centralizing this in one spot. | |||
| """Retrieve the end user's remote IP address. If the site is configured | |||
| to honor X-Forwarded-For and this header is present, it's returned.""" | |||
| if Config.security.use_forwarded_for: | |||
| return request.access_route[0] | |||
| return request.remote_addr | |||
Loading…