mvantellingen/localshop

CIDR.has_access without credentials fails when localshop behind proxy

asfaltboy opened this issue · 1 comment

In the credentials_required decorator, localshop uses the request.META['REMOTE_ADDR'] to get the IP of the client. In cases where localshop is being proxied to (for instance using nginx/apache), the actual remote address is accessible via request.META['HTTP_X_FORWARDED_FOR'].

Since the header is "spoofable" and CIDR is used as part of an authentication layer, I suggest adding a setting to set the remote address header key, defaulting to REMOTE_ADDR.

If this is acceptable, I can add a pull request.

Closed, fixed by PR #118
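
A sketch of the configurable remote-address header proposed in this issue, as an added example (it is not localshop's code and not the change made in PR #118). It goes one step beyond the proposal by honouring the forwarded header only when the direct peer is a listed proxy; the setting names `REMOTE_ADDR_HEADER` and `TRUSTED_PROXIES`, the helper names and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Hypothetical settings (names are assumptions, not localshop's own).
REMOTE_ADDR_HEADER = "HTTP_X_FORWARDED_FOR"        # default would be "REMOTE_ADDR"
TRUSTED_PROXIES = ["127.0.0.1/32", "10.0.0.0/24"]  # constructed values
ALLOWED_CIDRS = ["192.168.1.0/24"]                 # constructed values


def _in_any(ip, cidrs):
    """True if ip (a string) parses and falls inside one of the CIDR strings."""
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        return False  # unparseable header content never matches
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def client_ip(meta, header=REMOTE_ADDR_HEADER, trusted=TRUSTED_PROXIES):
    """Return the address to authorise, given a Django-style META dict."""
    peer = meta.get("REMOTE_ADDR", "")
    # Honour the forwarded header only when the direct peer is a known proxy;
    # otherwise the header is client-controlled and REMOTE_ADDR is used.
    if header == "REMOTE_ADDR" or not _in_any(peer, trusted):
        return peer
    hops = [h.strip() for h in meta.get(header, "").split(",") if h.strip()]
    # Walk from the right: entries appended by trusted proxies are skipped,
    # and the first untrusted entry is the nearest address a proxy vouched for.
    for hop in reversed(hops):
        if not _in_any(hop, trusted):
            return hop
    return peer


def has_access(meta, allowed=ALLOWED_CIDRS, **kwargs):
    """CIDR check against the resolved client address."""
    return _in_any(client_ip(meta, **kwargs), allowed)


# Constructed sample requests.
VIA_PROXY = {"REMOTE_ADDR": "10.0.0.2", "HTTP_X_FORWARDED_FOR": "192.168.1.5"}
DIRECT_WITH_HEADER = {"REMOTE_ADDR": "203.0.113.9",
                      "HTTP_X_FORWARDED_FOR": "192.168.1.5"}
PROXY_WITH_PREPENDED = {"REMOTE_ADDR": "10.0.0.2",
                        "HTTP_X_FORWARDED_FOR": "192.168.1.5, 203.0.113.9"}

if __name__ == "__main__":
    for name in ("VIA_PROXY", "DIRECT_WITH_HEADER", "PROXY_WITH_PREPENDED"):
        meta = globals()[name]
        print(name, client_ip(meta), has_access(meta))
```

With the header key left at `REMOTE_ADDR`, the function returns the socket peer unchanged, which matches the default the issue proposes.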