Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[DEPR]: legacy_ip code and Waffle switch #33733

Closed
timmc-edx opened this issue Nov 16, 2023 · 2 comments
Closed

[DEPR]: legacy_ip code and Waffle switch #33733

timmc-edx opened this issue Nov 16, 2023 · 2 comments
Labels
depr Proposal for deprecation & removal per OEP-21

Comments

@timmc-edx
Copy link
Contributor

timmc-edx commented Nov 16, 2023

Proposal Date

2023-11-16

Target Ticket Acceptance Date

2023-12-01

Earliest Open edX Named Release Without This Functionality

Redwood - 2024-04

Rationale

The code in openedx.core.djangoapps.util.legacy_ip always uses the leftmost IP address in the X-Forwarded-For header, which is insecure. The code in edx_django_utils.ip offers a safer alternative.

For an explanation of the details, see the edx_django_utils.ip dunder-init documentation: https://github.com/openedx/edx-django-utils/blob/master/edx_django_utils/ip/__init__.py

Removal

This would entail removing openedx/core/djangoapps/util/legacy_ip.py, containing a small bit of X-Forwarded-For parsing and the Waffle switch ip.legacy that is supposed to control its use.

The remaining references are all conditional statements that use the Waffle switch to determine whether to use the old code.

Replacement

All of the references to legacy_ip are guarded by conditionals and already default to a call to the replacement edx_django_utils.ip code.

This PR should effect the replacement: #33735

Deprecation

No response

Migration

No response

Additional Info

No response


Discourse topic: https://discuss.openedx.org/t/deprecation-removal-legacy-ip-code-and-waffle-switch-edx-platform-33733/11718

@github-actions github-actions bot added the depr Proposal for deprecation & removal per OEP-21 label Nov 16, 2023
@timmc-edx timmc-edx moved this from Proposed to Communicated in DEPR: Deprecation & Removal Nov 16, 2023
timmc-edx added a commit that referenced this issue Nov 16, 2023
This switch has been kept disabled in edx.org for well over a year with no
trouble.

DEPR issue: #33733
@rgraber rgraber moved this to Blocked in Arch-BOM Nov 20, 2023
@rgraber
Copy link
Contributor

rgraber commented Nov 20, 2023

This is marked as Blocked until the required time period has elapsed (12/1)

timmc-edx added a commit that referenced this issue Dec 1, 2023
This switch has been kept disabled in edx.org for well over a year with no
trouble, and the migration to `CLOSEST_CLIENT_IP_FROM_HEADERS`
was introduced in Nutmeg.

DEPR issue: #33733
@timmc-edx timmc-edx moved this from Communicated to Accepted in DEPR: Deprecation & Removal Dec 1, 2023
@timmc-edx timmc-edx moved this from Accepted to Removing in DEPR: Deprecation & Removal Dec 1, 2023
@timmc-edx timmc-edx moved this from Removing to Removed in DEPR: Deprecation & Removal Dec 1, 2023
@timmc-edx
Copy link
Contributor Author

Removal has been completed.

@feanil feanil closed this as completed Dec 14, 2023
@github-project-automation github-project-automation bot moved this from Blocked to Done in Arch-BOM Dec 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
depr Proposal for deprecation & removal per OEP-21
Projects
Archived in project
Development

No branches or pull requests

3 participants