Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ip_address() removed from Drupal, incorrect client ip set for fraud handling when using a front end proxy #370

Open
adixon opened this issue Jul 28, 2021 · 0 comments
Open

ip_address() removed from Drupal, incorrect client ip set for fraud handling when using a front end proxy #370

adixon opened this issue Jul 28, 2021 · 0 comments

Comments

@adixon
Copy link
Contributor

adixon commented Jul 28, 2021

When using this extension with Drupal 8 and a front-end proxy (e.g. varnish), it sends incorrect information to the iats server about the originating request (client) ip.

This issue does not affect sites that are not using a front end proxy.

Specifically, this code "(function_exists('ip_address') ? ip_address() : $_SERVER['REMOTE_ADDR']" is used in multiple places to identify the client ip.

This worked for D7 and D6, but as per:

https://www.drupal.org/node/1969794

it won't.

Conclusion: for Drupal 8+, we should be defining

function ip_address() {

return Drupal::request()->getClientIp();

}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@adixon