Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Confused about request.local? #88

Open
matt17r opened this issue Apr 16, 2022 · 1 comment · May be fixed by #96
Open

Confused about request.local? #88

matt17r opened this issue Apr 16, 2022 · 1 comment · May be fixed by #96

Comments

@matt17r
Copy link

matt17r commented Apr 16, 2022

Hi Steve,

I'm confused about the check for request.local? in store_location.

The reason I ask is that redirecting to the originally requested URL works in dev but not production on Heroku. I did some puts debugging and it turns out the request is coming from an internal (10.x.x.x) address but not from LOCALHOST.

******************************
store_location:
  session[:return_to] = 
  request.get? = true
  request.local? = false
  request.headers[:REMOTE_ADDR] = 10.1.35.236
******************************

You explain in your post:

We also call request.local? to ensure it was a local request. This prevents redirecting to an external application.

Intuitively I would expect the request to always be from a remote IP address in production (e.g. the one given to me by my ISP) but clearly I'm missing something. Is the request being forwarded or proxied from the rack web server maybe? Is that why I'm seeing 10.1.35.236 in the example above?

And do other hosting providers usually run them on the same box maybe? Is that why the check for local? works for you but fails for me?

Thanks for the great tutorial and thanks in advance for any tips or pointers!

Matt
@stevepolitodesign
Copy link
Owner

@matt17r thank you for opening this issue! I just tested this, and you're absolutely right. The call to local is not necessary, and will not work as expected in production.

I misunderstood what this method did, and thought it returned true if the request came from the application.

mdchaney added a commit to mdchaney/rails-authentication-from-scratch that referenced this issue Jun 12, 2024
@mdchaney
Remove extraneous check for request.local?
c4e6e7b 
Closes stevepolitodesign#88.
@mdchaney mdchaney linked a pull request Jun 12, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove extraneous check for request.local? mdchaney/rails-authentication-from-scratch
2 participants
@stevepolitodesign @matt17r