Comments (5)
jumph4x
commented on May 23, 2024
Here is how I ran into this, perhaps an inline comment would help a lot in this instance:
On Heroku, for example, the way some of the SSL routing is set up, the webserver is never allowed to see the request IP address: http://groups.google.com/group/heroku/browse_thread/thread/8cd2cba55f9aeb19
This is where this generic IP address is inserted. However, it puzzles me why the original author would use such a recognizable Class C address.
NOTE: To all those using Authorize.NET and such. When we switched to Heroku initially we had ALL of our order payments frozen due to the fact that all payment IP addresses were 192.168.1.100. We had to turn location-based IP filtering off.
from spree.
mguterl
commented on May 23, 2024
@schof - I want to fix this bug and actually record the ip address of the order.
I think it makes the most sense to record the ip address of the order during the completion of the payment step. Do you agree?
In which Spree component does this feature belong, core, auth, others?
Thanks
from spree.
mguterl
commented on May 23, 2024
Also, it doesn't look like it is possible to make this work on Heroku with hostname based SSL.
I'm not on Heroku and I don't plan on implementing any of the complicated workarounds that are suggested here: http://stackoverflow.com/questions/5480047/heroku-geolocation-always-returns-seattle-wa
from spree.
schof
commented on May 23, 2024
@mguteri: I think it should go in spree_core, probably as a result of the current_order method that creates the order if its not already present.
re: Heroku problem if you drill through to the Google thread that was referenced there seems to be a suggested solution
ip = env[‘HTTP_X_REAL_IP’] ||= env[‘REMOTE_ADDR’]
from spree.
mguterl
commented on May 23, 2024
My understanding is that the method mentioned only works to get around load balancers, not the issues with host based SSL. Also, in Rails 3.0.9 ActionDispatch::RemoteIp::RemoteIpGetter already contains that logic, I believe the solution above was targeted at Sinatra.
It looks like the current_order method is populated by finding the order using a session variable or constructed if one does not exist. I can definitely insert the setting of the ip_address there. From my perspective it would make the most sense to record the IP during the step of checkout where a credit card number was entered.
From the looks of things there's already a "hook" in the CheckoutController for this phase of the checkout here:
https://github.com/spree/spree/blob/master/core/app/controllers/checkout_controller.rb#L29
What do you think?
from spree.
Related Issues (20)
- Product bundles
- Predefined admin roles
- Architecture for imports and exports
- Order going back to Address state after complete
- Error on linux: bash: line 2: bin/wait-for-services: No such file or directory HOT 2
- Spree::Auth::Config[:confirmable] cannot be configured HOT 5
- Support Rails 7.1
- custom domain
- Support next.js commerce v2? HOT 2
- Support Rails 7.1
- Create the admin user failed HOT 2
- Spree order checkout state reload issue HOT 2
- Unable to capture payment
- Unable to add it to a fresh new rails app HOT 1
- alias_attribute Rails deprecation warnings HOT 2
- Help to compare Spree with other shopping cart software
- DEPRECATION WARNING: `currency` is deprecated. HOT 2
- Ability to select pre-orderable options without needing variants and pricing per option value
- NameError: undefined local variable or method `try_spree_current_user' HOT 5
- Same Taxonomies in different stores HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spree.