diff --git a/README.md b/README.md
index 04eccf2bcea2c0940066819244c5d768fe1974f5..af6163eef17c7ffcea9aec52076f5960107b0efa 100644
--- a/README.md
+++ b/README.md
@@ -123,12 +123,12 @@ The exact code will vary depending on the method you use for your geocodable str
Request Geocoding by IP Address
-------------------------------
-Geocoder adds `location` and `paranoid_location` methods to the standard `Rack::Request` object so you can easily look up the location of any HTTP request by IP address. For example, in a Rails controller or a Sinatra app:
+Geocoder adds `location` and `safe_location` methods to the standard `Rack::Request` object so you can easily look up the location of any HTTP request by IP address. For example, in a Rails controller or a Sinatra app:
# returns Geocoder::Result object
result = request.location
-**The `location` method is vulnerable to trivial IP address spoofing via HTTP headers.** If that's a problem for your application, use `paranoid_location` instead, but be aware that `paranoid_location` will *not* try to trace a request's originating IP through proxy headers; you will instead get the location of the last proxy the request passed through, if any (excepting any proxies you have explicitly whitelisted in your Rack config).
+**The `location` method is vulnerable to trivial IP address spoofing via HTTP headers.** If that's a problem for your application, use `safe_location` instead, but be aware that `safe_location` will *not* try to trace a request's originating IP through proxy headers; you will instead get the location of the last proxy the request passed through, if any (excepting any proxies you have explicitly whitelisted in your Rack config).
Note that these methods will usually return `nil` in your test and development environments because things like "localhost" and "0.0.0.0" are not an Internet IP addresses.
diff --git a/lib/geocoder/request.rb b/lib/geocoder/request.rb
index 12bd57780d477dfca52e97953d3b747fe4c71b37..3673bec4daaf9635cdbbb69afa4e25536cff770b 100644
--- a/lib/geocoder/request.rb
+++ b/lib/geocoder/request.rb
@@ -3,20 +3,20 @@ module Geocoder
# The location() method is vulnerable to trivial IP spoofing.
# Don't use it in authorization/authentication code, or any
- # other security-sensitive application. Use paranoid_location
+ # other security-sensitive application. Use safe_location
# instead.
def location
@location ||= Geocoder.search(geocoder_spoofable_ip, ip_address: true).first
end
- # This paranoid_location() protects you from trivial IP spoofing.
+ # This safe_location() protects you from trivial IP spoofing.
# For requests that go through a proxy that you haven't
# whitelisted as trusted in your Rack config, you will get the
# location for the IP of the last untrusted proxy in the chain,
# not the original client IP. You WILL NOT get the location
# corresponding to the original client IP for any request sent
# through a non-whitelisted proxy.
- def paranoid_location
+ def safe_location
@location ||= Geocoder.search(ip, ip_address: true).first
end
diff --git a/test/unit/request_test.rb b/test/unit/request_test.rb
index e99d1e291b339ca3395c63de9863e065d2285a46..2e5079a5416b72ebc6220080ca8a7416f8c715d2 100644
--- a/test/unit/request_test.rb
+++ b/test/unit/request_test.rb
@@ -34,12 +34,12 @@ class RequestTest < GeocoderTestCase
assert req.location.is_a?(Geocoder::Result::Freegeoip)
assert_equal "US", req.location.country_code
end
- def test_paranoid_http_x_forwarded_for_with_proxy
+ def test_safe_http_x_forwarded_for_with_proxy
req = MockRequest.new({"HTTP_X_FORWARDED_FOR" => "74.200.247.59, 74.200.247.60"})
assert req.geocoder_spoofable_ip == '74.200.247.59'
assert req.ip == '74.200.247.60'
- assert req.paranoid_location.is_a?(Geocoder::Result::Freegeoip)
- assert_equal "MX", req.paranoid_location.country_code
+ assert req.safe_location.is_a?(Geocoder::Result::Freegeoip)
+ assert_equal "MX", req.safe_location.country_code
end
def test_with_request_ip
req = MockRequest.new({}, "74.200.247.59")