You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Earliest Open edX Named Release Without This Functionality
Redwood - 2024-04
Rationale
The code in openedx.core.djangoapps.util.legacy_ip always uses the leftmost IP address in the X-Forwarded-For header, which is insecure. The code in edx_django_utils.ip offers a safer alternative.
This would entail removing openedx/core/djangoapps/util/legacy_ip.py, containing a small bit of X-Forwarded-For parsing and the Waffle switch ip.legacy that is supposed to control its use.
The remaining references are all conditional statements that use the Waffle switch to determine whether to use the old code.
Replacement
All of the references to legacy_ip are guarded by conditionals and already default to a call to the replacement edx_django_utils.ip code.
This switch has been kept disabled in edx.org for well over a year with no
trouble, and the migration to `CLOSEST_CLIENT_IP_FROM_HEADERS`
was introduced in Nutmeg.
DEPR issue: #33733
Proposal Date
2023-11-16
Target Ticket Acceptance Date
2023-12-01
Earliest Open edX Named Release Without This Functionality
Redwood - 2024-04
Rationale
The code in
openedx.core.djangoapps.util.legacy_ip
always uses the leftmost IP address in theX-Forwarded-For
header, which is insecure. The code inedx_django_utils.ip
offers a safer alternative.For an explanation of the details, see the
edx_django_utils.ip
dunder-init documentation: https://github.com/openedx/edx-django-utils/blob/master/edx_django_utils/ip/__init__.pyRemoval
This would entail removing openedx/core/djangoapps/util/legacy_ip.py, containing a small bit of X-Forwarded-For parsing and the Waffle switch
ip.legacy
that is supposed to control its use.The remaining references are all conditional statements that use the Waffle switch to determine whether to use the old code.
Replacement
All of the references to legacy_ip are guarded by conditionals and already default to a call to the replacement
edx_django_utils.ip
code.This PR should effect the replacement: #33735
Deprecation
No response
Migration
No response
Additional Info
No response
Discourse topic: https://discuss.openedx.org/t/deprecation-removal-legacy-ip-code-and-waffle-switch-edx-platform-33733/11718
The text was updated successfully, but these errors were encountered: