From bed5259ce2c5ca1cb5c60415fe2408df3f91ad4b Mon Sep 17 00:00:00 2001
From: Lachlan Donald
Date: Tue, 19 Dec 2017 10:00:56 +1100
Subject: [PATCH] Use Ip.IsLoopback()
---
 server/server.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/server/server.go b/server/server.go
index cd573f64c..c5133a271 100644
--- a/server/server.go
+++ b/server/server.go
@@ -128,9 +128,10 @@ func StartCredentialsServer(creds *vault.VaultCredentials) error {
 return
 }
- // Must make sure the remote ip is localhost, otherwise clients on the same network segment could
+ // Must make sure the remote ip is from the loopback, otherwise clients on the same network segment could
 // potentially route traffic via 169.254.169.254:80
- if ip != `127.0.0.1` {
+ // See https://developer.apple.com/library/content/qa/qa1357/_index.html
+ if !net.ParseIP(ip).IsLoopback() {
 http.Error(w, "Access denied from non-localhost address", http.StatusUnauthorized)
 return
 }
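Review bot: The new guard `if !net.ParseIP(ip).IsLoopback() {` fails closed only implicitly: `net.ParseIP` returns nil for anything it cannot parse, and the request is denied because `IsLoopback` reports false on a nil IP. Since this check gates access to credentials, I would make the rejection explicit with `remote := net.ParseIP(ip)` followed by `if remote == nil || !remote.IsLoopback() {`. The comment should also say that the accepted set widens from the literal `127.0.0.1` to all of 127.0.0.0/8 plus `::1`, for example `// Accept any loopback source (127.0.0.0/8, ::1); unparseable addresses are rejected`. Where `ip` is derived lies outside the hunk, so confirm it comes from the connection's remote address and not from a client-supplied header, otherwise the check can be bypassed.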