From de269e97ea2d85442f1db9bd39c316d050893576 Mon Sep 17 00:00:00 2001
From: Dario Rekowski on RockPI <dario.rekowski@gmx.de>
Date: Mon, 7 Jun 2021 15:14:50 +0000
Subject: [PATCH] missing update

---
 community_server/config/routes.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/community_server/config/routes.php b/community_server/config/routes.php
index 3b0dfedc1..20fc1ff62 100644
--- a/community_server/config/routes.php
+++ b/community_server/config/routes.php
@@ -60,19 +60,21 @@ Router::scope('/', function (RouteBuilder $routes) {
         $whitelist = ['JsonRequestHandler', 'ElopageWebhook', 'AppRequests'];
         $ajaxWhitelist = ['TransactionSendCoins', 'TransactionCreations'];
 
+        $callerIp = $request->clientIp();
+        
         foreach($whitelist as $entry) {
           if($request->getParam('controller') === $entry) {
             if($entry == 'ElopageWebhook' || $entry == 'AppRequests') {
               return true;
             }
             $allowedIpLocalhost = ['127.0.0.1', 'localhost', '', '::1'];
-            if(in_array($clientIp, $allowedIpLocalhost)) {
+            if(in_array($callerIp, $allowedIpLocalhost)) {
                 return true;
             }
             $allowedCaller = Configure::read('API.allowedCaller');
             $ipPerHost = [];
             if($allowedCaller && count($allowedCaller) > 0) {
-                $callerIp = $request->clientIp();
+                
                 foreach($allowedCaller as $allowed) {
                   $ip = gethostbyname($allowed);
                   $ipPerHost[$allowed] = $ip;