proper cidr validation server-side

2026-01-23 02:35:14 +00:00 · 2025-06-08 08:29:25 -04:00 · 2025-06-08 08:29:25 -04:00 · 789d29c97a
commit 789d29c97a
parent 9f96529707
4 changed files with 78 additions and 12 deletions
--- a/dispatcharr/utils.py
+++ b/dispatcharr/utils.py
@ -29,7 +29,7 @@ def validate_logo_file(file):


 def get_client_ip(request):
-    x_forwarded_for = request.META.get("HTTP_X_FORWARDED_FOR")
+    x_forwarded_for = request.META.get("HTTP_X_REAL_IP")
    if x_forwarded_for:
        # X-Forwarded-For can be a comma-separated list of IPs
        ip = x_forwarded_for.split(",")[0].strip()
@ -44,7 +44,7 @@ def network_access_allowed(request, settings_key):
    cidrs = (
        network_access[settings_key].split(",")
        if settings_key in network_access
-        else "0.0.0.0/0"
+        else ["0.0.0.0/0"]
    )

    network_allowed = False