From d9e74618a3ef5c1858009631e3db00cd6264e828 Mon Sep 17 00:00:00 2001
From: Jacek Foremski <natanael89@users.noreply.github.com>
Date: Mon, 12 Mar 2018 10:30:29 +0100
Subject: [PATCH 1/2] EZP-26491: Remove "Forwarded" header to avoid
 ConflictingHeadersException (#275)

---
 doc/varnish/vcl/varnish3.vcl | 4 ++++
 doc/varnish/vcl/varnish4.vcl | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/doc/varnish/vcl/varnish3.vcl b/doc/varnish/vcl/varnish3.vcl
index fa14859993..ba21680772 100644
--- a/doc/varnish/vcl/varnish3.vcl
+++ b/doc/varnish/vcl/varnish3.vcl
@@ -13,6 +13,10 @@ sub vcl_recv {
     // Advertise Symfony for ESI support
     set req.http.Surrogate-Capability = "abc=ESI/1.0";
 
+    // Varnish, in its default configuration, sends the X-Forwarded-For header but does not filter out Forwarded header
+    // To be removed in Symfony 3.3
+    unset req.http.Forwarded;
+
     // Add a unique header containing the client address (only for master request)
     // Please note that /_fragment URI can change in Symfony configuration
     if (!req.url ~ "^/_fragment") {
diff --git a/doc/varnish/vcl/varnish4.vcl b/doc/varnish/vcl/varnish4.vcl
index 7bbf421632..92621418c9 100644
--- a/doc/varnish/vcl/varnish4.vcl
+++ b/doc/varnish/vcl/varnish4.vcl
@@ -15,6 +15,10 @@ sub vcl_recv {
     // Advertise Symfony for ESI support
     set req.http.Surrogate-Capability = "abc=ESI/1.0";
 
+    // Varnish, in its default configuration, sends the X-Forwarded-For header but does not filter out Forwarded header
+    // To be removed in Symfony 3.3
+    unset req.http.Forwarded;
+
     // Add a unique header containing the client address (only for master request)
     // Please note that /_fragment URI can change in Symfony configuration
     if (!req.url ~ "^/_fragment") {

From ba2a544e27333ddd167dc637b17fec39fa3c9377 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andre=CC=81=20R?= <ar@ez.no>
Date: Mon, 12 Mar 2018 10:35:09 +0100
Subject: [PATCH 2/2] [VCL] Port Forward-proto logic from xkey/symfony2 config

---
 doc/varnish/vcl/varnish4.vcl | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/doc/varnish/vcl/varnish4.vcl b/doc/varnish/vcl/varnish4.vcl
index 92621418c9..51c3353f40 100644
--- a/doc/varnish/vcl/varnish4.vcl
+++ b/doc/varnish/vcl/varnish4.vcl
@@ -19,6 +19,13 @@ sub vcl_recv {
     // To be removed in Symfony 3.3
     unset req.http.Forwarded;
 
+    // Ensure that the Symfony Router generates URLs correctly with Varnish
+    if (req.http.X-Forwarded-Proto == "https" ) {
+        set req.http.X-Forwarded-Port = "443";
+    } else {
+        set req.http.X-Forwarded-Port = "80";
+    }
+
     // Add a unique header containing the client address (only for master request)
     // Please note that /_fragment URI can change in Symfony configuration
     if (!req.url ~ "^/_fragment") {