From 70104d705951e670743eee7b91d882001b90f079 Mon Sep 17 00:00:00 2001
From: Pierre de La Morinerie <kemenaran@gmail.com>
Date: Thu, 11 Mar 2021 18:28:10 +0100
Subject: [PATCH] config: avoid blocking legitimate requests from mobile ISPs

---
 config/application.rb | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/config/application.rb b/config/application.rb
index 2a4a8aa1f..f8fbdab6c 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -58,6 +58,13 @@ module TPS
     # See https://github.com/rails/rails/issues/21948
     config.action_dispatch.default_headers['Cache-Control'] = 'no-store, no-cache'
 
+    # ActionDispatch's IP spoofing detection is quite limited, and often rejects
+    # legitimate requests from misconfigured proxies (such as mobile telcos).
+    #
+    # As we have our own proxy stack before reaching the Rails app, we can
+    # disable the check performed by Rails.
+    config.action_dispatch.ip_spoofing_check = false
+
     config.to_prepare do
       # Make main application helpers available in administrate
       Administrate::ApplicationController.helper(TPS::Application.helpers)