Support `Forwarded` header in `Rack::Protection::IPSpoofing`

See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded

Since Rack 3 (https://github.com/rack/rack/pull/1834) the `Forwarded` is supported (and [preferred](https://github.com/rack/rack/blob/v3.0.10/lib/rack/request.rb#L20-L44)).

Sinatra does not make use of this:

https://github.com/sinatra/sinatra/blob/5640495babcb4cfd69ba650b293660b7446402da/lib/sinatra/base.rb#L63-L65

Which one to prefer should probably be exposed to the end-user.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Support `Forwarded` header in `Rack::Protection::IPSpoofing` #2011

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

	def forwarded?
	@env.include? 'HTTP_X_FORWARDED_HOST'
	end

Support Forwarded header in Rack::Protection::IPSpoofing #2011

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Support `Forwarded` header in `Rack::Protection::IPSpoofing` #2011