Hi Steve,

I'm confused about the check for request.local? in store_location.

The reason I ask is that redirecting to the originally requested URL works in dev but not production on Heroku. I did some puts debugging and it turns out the request is coming from an internal (10.x.x.x) address but not from LOCALHOST.

******************************
store_location:
  session[:return_to] = 
  request.get? = true
  request.local? = false
  request.headers[:REMOTE_ADDR] = 10.1.35.236
******************************

You explain in your post:

We also call request.local? to ensure it was a local request. This prevents redirecting to an external application.

Intuitively I would expect the request to always be from a remote IP address in production (e.g. the one given to me by my ISP) but clearly I'm missing something. Is the request being forwarded or proxied from the rack web server maybe? Is that why I'm seeing 10.1.35.236 in the example above?

And do other hosting providers usually run them on the same box maybe? Is that why the check for local? works for you but fails for me?

Thanks for the great tutorial and thanks in advance for any tips or pointers!

Matt