Skip to content

Commit

Permalink
Merge pull request #146 from rodruiz/master
Browse files Browse the repository at this point in the history
HEADER_X_FORWARDED_ALL was deprecated in Symfony 5.2
  • Loading branch information
fideloper authored Aug 9, 2021
2 parents 51808a7 + 0991f1e commit ccad693
Show file tree
Hide file tree
Showing 3 changed files with 31 additions and 13 deletions.
4 changes: 3 additions & 1 deletion phpunit.xml.dist
Original file line number Diff line number Diff line change
@@ -1,14 +1,16 @@
<?xml version="1.0" encoding="UTF-8"?>
<phpunit backupGlobals="false"
backupStaticAttributes="false"
beStrictAboutTestsThatDoNotTestAnything="false"
bootstrap="vendor/autoload.php"
colors="true"
convertErrorsToExceptions="true"
convertNoticesToExceptions="true"
convertWarningsToExceptions="true"
processIsolation="false"
stopOnError="false"
stopOnFailure="false"
syntaxCheck="false"
verbose="true"
>
<testsuites>
<testsuite name="Trusted Proxy Test Suite">
Expand Down
20 changes: 17 additions & 3 deletions src/TrustProxies.php
Original file line number Diff line number Diff line change
Expand Up @@ -119,10 +119,24 @@ protected function getTrustedHeaderNames()
case Request::HEADER_FORWARDED:
return Request::HEADER_FORWARDED;
break;
case 'HEADER_X_FORWARDED_ALL':
case Request::HEADER_X_FORWARDED_ALL:
return Request::HEADER_X_FORWARDED_ALL;
case 'HEADER_X_FORWARDED_FOR':
case Request::HEADER_X_FORWARDED_FOR:
return Request::HEADER_X_FORWARDED_FOR;
break;
case 'HEADER_X_FORWARDED_HOST':
case Request::HEADER_X_FORWARDED_HOST:
return Request::HEADER_X_FORWARDED_HOST;
break;
case 'HEADER_X_FORWARDED_PORT':
case Request::HEADER_X_FORWARDED_PORT:
return Request::HEADER_X_FORWARDED_PORT;
break;
case 'HEADER_X_FORWARDED_PROTO':
case Request::HEADER_X_FORWARDED_PROTO:
return Request::HEADER_X_FORWARDED_PROTO;
break;
default:
return Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO | Request::HEADER_X_FORWARDED_AWS_ELB;
}

return $headers;
Expand Down
20 changes: 11 additions & 9 deletions tests/TrustedProxyTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@

class TrustedProxyTest extends TestCase
{
private $headerAll = Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO | Request::HEADER_X_FORWARDED_AWS_ELB;

/**
* Test that Symfony does indeed NOT trust X-Forwarded-*
* headers when not given trusted proxies
Expand Down Expand Up @@ -34,7 +36,7 @@ public function test_request_does_not_trust()
public function test_does_trust_trusted_proxy()
{
$req = $this->createProxiedRequest();
$req->setTrustedProxies(['192.168.10.10'], Request::HEADER_X_FORWARDED_ALL);
$req->setTrustedProxies(['192.168.10.10'], $this->headerAll);

$this->assertEquals('173.174.200.38', $req->getClientIp(), 'Assert trusted proxy x-forwarded-for header used');
$this->assertEquals('https', $req->getScheme(), 'Assert trusted proxy x-forwarded-proto header used');
Expand All @@ -48,7 +50,7 @@ public function test_does_trust_trusted_proxy()
*/
public function test_trusted_proxy_sets_trusted_proxies_with_wildcard()
{
$trustedProxy = $this->createTrustedProxy(Request::HEADER_X_FORWARDED_ALL, '*');
$trustedProxy = $this->createTrustedProxy($this->headerAll, '*');
$request = $this->createProxiedRequest();

$trustedProxy->handle($request, function ($request) {
Expand All @@ -62,7 +64,7 @@ public function test_trusted_proxy_sets_trusted_proxies_with_wildcard()
*/
public function test_trusted_proxy_sets_trusted_proxies_with_double_wildcard_for_backwards_compat()
{
$trustedProxy = $this->createTrustedProxy(Request::HEADER_X_FORWARDED_ALL, '**');
$trustedProxy = $this->createTrustedProxy($this->headerAll, '**');
$request = $this->createProxiedRequest();

$trustedProxy->handle($request, function ($request) {
Expand All @@ -76,7 +78,7 @@ public function test_trusted_proxy_sets_trusted_proxies_with_double_wildcard_for
*/
public function test_trusted_proxy_sets_trusted_proxies()
{
$trustedProxy = $this->createTrustedProxy(Request::HEADER_X_FORWARDED_ALL, ['192.168.10.10']);
$trustedProxy = $this->createTrustedProxy($this->headerAll, ['192.168.10.10']);
$request = $this->createProxiedRequest();

$trustedProxy->handle($request, function ($request) {
Expand All @@ -89,7 +91,7 @@ public function test_trusted_proxy_sets_trusted_proxies()
*/
public function test_get_client_ips()
{
$trustedProxy = $this->createTrustedProxy(Request::HEADER_X_FORWARDED_ALL, ['192.168.10.10']);
$trustedProxy = $this->createTrustedProxy($this->headerAll, ['192.168.10.10']);

$forwardedFor = [
'192.0.2.2',
Expand All @@ -113,7 +115,7 @@ public function test_get_client_ips()
*/
public function test_get_client_ip_with_muliple_ip_addresses_some_of_which_are_trusted()
{
$trustedProxy = $this->createTrustedProxy(Request::HEADER_X_FORWARDED_ALL, ['192.168.10.10', '192.0.2.199']);
$trustedProxy = $this->createTrustedProxy($this->headerAll, ['192.168.10.10', '192.0.2.199']);

$forwardedFor = [
'192.0.2.2',
Expand All @@ -136,7 +138,7 @@ public function test_get_client_ip_with_muliple_ip_addresses_some_of_which_are_t
*/
public function test_get_client_ip_with_muliple_ip_addresses_all_proxies_are_trusted()
{
$trustedProxy = $this->createTrustedProxy(Request::HEADER_X_FORWARDED_ALL, '*');
$trustedProxy = $this->createTrustedProxy($this->headerAll, '*');

$forwardedFor = [
'192.0.2.2',
Expand Down Expand Up @@ -294,7 +296,7 @@ public function test_is_reading_text_based_configurations()
// trust *all* "X-Forwarded-*" headers
$trustedProxy = $this->createTrustedProxy('HEADER_X_FORWARDED_ALL', '192.168.1.1, 192.168.1.2');
$trustedProxy->handle($request, function (Request $request) {
$this->assertEquals($request->getTrustedHeaderSet(), Request::HEADER_X_FORWARDED_ALL,
$this->assertEquals($request->getTrustedHeaderSet(), $this->headerAll,
'Assert trusted proxy used all "X-Forwarded-*" header');

$this->assertEquals($request->getTrustedProxies(), ['192.168.1.1', '192.168.1.2'],
Expand Down Expand Up @@ -351,7 +353,7 @@ protected function createProxiedRequest($serverOverRides = [])
// which is likely something like this:
$request = Request::create('http://localhost:8888/tag/proxy', 'GET', [], [], [], $serverOverRides, null);
// Need to make sure these haven't already been set
$request->setTrustedProxies([], Request::HEADER_X_FORWARDED_ALL);
$request->setTrustedProxies([], $this->headerAll);

return $request;
}
Expand Down

0 comments on commit ccad693

Please sign in to comment.