Remove rack_strip_client_ip middleware

theseanything · theseanything · commit 41e26153932a · 2022-12-12T12:25:20.000Z
This removes middleware that strips the Client-IP header from requests to
prevent Rails from raising a "IpSpoofAttackError" exception. Removing
this because it isn't needed, we are stripping the Client-IP header at
the CDN level which should prevent this expection being raised anyway.
If this header is being set else were in the request path, we should fix that
instead of blindly stripping the header altogether.

There is also a bug in the middleware, where it prevent previous
middleware from receiving information from following middleware in the
'env' variable. This is because it creates a copy of env, which isn't
returned to the calling middleware. This prevents middleware such as the
prometheus exporter from functioning properly.
diff --git a/Gemfile b/Gemfile
@@ -10,7 +10,6 @@ gem "govuk_personalisation"
 gem "govuk_publishing_components"
 gem "htmlentities"
 gem "plek"
-gem "rack_strip_client_ip"
 gem "rails-controller-testing"
 gem "rails-i18n"
 gem "rails_translation_manager"
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -235,7 +235,6 @@ GEM
       rack
     rack-test (2.0.2)
       rack (>= 1.3)
-    rack_strip_client_ip (0.0.2)
     rails (7.0.4)
       actioncable (= 7.0.4)
       actionmailbox (= 7.0.4)
@@ -411,7 +410,6 @@ DEPENDENCIES
   mocha
   plek
   pry
-  rack_strip_client_ip
   rails (= 7.0.4)
   rails-controller-testing
   rails-i18n
