Details
-
Type:
Improvement
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 4.5.0-b1
-
Component/s: None
-
Labels:None
Description
The Order plugin will log in users and perform other functionality using the client's IP address, but it does so by passing in the server's remote address as the client's IP address, which is not necessarily the case if the server is behind a proxy. Instead, it should follow CORE-2349 and determine the IP address from Blesta's Requestor service
Update all REMOTE_ADDR references:
- User log in should not determine the IP address from "REMOTE_ADDR"
- FraudLabsPro component should not use the "REMOTE_ADDR" IP – it should pull this from the Blesta Requestor instead
- Creating an order should not set the "REMOTE_ADDR" IP – it should pull this from the Blesta Requestor instead
- When validating recaptcha, don't use the "REMOTE_ADDR" IP – it should pull this from the Blesta Requestor instead
- When determining the GeoIP location data, do not base it on the "REMOTE_ADDR" IP – it should pull this from the Blesta Requestor instead
- Running the anti-fraud check should do so not by using the "REMOTE_ADDR" IP – it should pull this from the Blesta Requestor instead
Issue Links
- is blocked by
-
CORE-2349
Add support for the x-forwarded-for header for load balanced environments
-
- Closed
-
