Alternative API for Ocsigen_request.remote_ip
#273
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This improve the API for querying the client's connection info, which makes less sense since the added support for unix domain sockets. The `client_conn` type no longer loose connection information: - The client port is available. - Failure points are removed in favor of a `` `Unknown `` case The `` `Forwarded_for `` case makes sure that IP addresses reported through the `x_forwarded_for` HTTP header can't be used by `Accesscontrol` by mistake. There are two API for this information: - `client_conn_to_string`: Returns the information in textual form for when the data don't need to be parsed back. For example, ideal in log messages. It's also used to set the `x_forwarded_for` header, where using a wrong format is better than inventing data in cases where we don't use Internet. - `client_conn`: The full data without superfluous transformations.
Julow
added a commit
to Julow/eliom
that referenced
this pull request
Jul 3, 2025
Adapt to changes in ocsigenserver: ocsigen/ocsigenserver#273
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This improve the API for querying the client's connection info, which makes less sense since the added support for unix domain sockets.
The
client_conntype no longer loose connection information:`UnknowncaseThe
`Forwarded_forcase makes sure that IP addresses reported through thex_forwarded_forHTTP header can't be used byAccesscontrolby mistake.There are two API for this information:
client_conn_to_string: Returns the information in textual form for when the data don't need to be parsed back. For example, ideal in log messages. It's also used to set thex_forwarded_forheader, where using a wrong format is better than inventing data in cases where we don't use Internet.client_conn: The full data without superfluous transformations.An other change is that the client IP address doesn't go through
getaddrinfo(viaIpaddr_unix.to_inet_addr). This doesn't change anything in the general case but might remove a potential exploit on servers where/etc/hostsis compromised.This is a second attempt at #270 which was partially reverted because the API name was bad. This new attempt is also free of workarounds and conversions to and from
Unix.inet_addr.