From 1ee8d1e50e2e113af63348c6d16ee5cface22e33 Mon Sep 17 00:00:00 2001
From: Matt Jankowski <matt@jankowski.online>
Date: Fri, 15 Dec 2023 09:33:56 -0500
Subject: [PATCH] Assign a proc to `Rack::Request.ip_filter` instead of
 patching method (#28380)

---
 config/initializers/trusted_proxies.rb | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/config/initializers/trusted_proxies.rb b/config/initializers/trusted_proxies.rb
index aa2f4510c2..33bfddbdf1 100644
--- a/config/initializers/trusted_proxies.rb
+++ b/config/initializers/trusted_proxies.rb
@@ -1,13 +1,8 @@
 # frozen_string_literal: true
 
-module Rack
-  class Request
-    def trusted_proxy?(ip)
-      if Rails.application.config.action_dispatch.trusted_proxies.nil?
-        super
-      else
-        Rails.application.config.action_dispatch.trusted_proxies.any? { |proxy| proxy === ip }
-      end
-    end
-  end
+unless Rails.application.config.action_dispatch.trusted_proxies.nil?
+  # Rack is configured with a default collection of trusted proxies
+  # If Rails has been configured to use a specific list, configure
+  # Rack to use this Proc, which enforces the Rails-configured list.
+  Rack::Request.ip_filter = ->(ip) { Rails.application.config.action_dispatch.trusted_proxies.include?(ip) }
 end