Compatibility with Symfony 3.3+, with backwards compatibility

src/TrustProxies.php

@@ -71,6 +71,9 @@ protected function setTrustedProxyIpAddresses($request)
 
         // We trust any IP address that calls us, but not proxies further
         // up the forwarding chain.
+        // TODO: Determine if this should only trust the first IP address
+        //       Currently it trusts the entire chain (array of IPs),
+        //        potentially making the "**" convention redundant.
         if ($trustedIps === '*') {
             return $this->setTrustedProxyIpAddressesToTheCallingIp($request);
         }
@@ -83,36 +86,77 @@ protected function setTrustedProxyIpAddresses($request)
         }
     }
 
+    /**
+     * We specify the IP addresses to trust explicitly
+     *
+     * @param $request
+     * @param $trustedIps
+     */
     private function setTrustedProxyIpAddressesToSpecificIps($request, $trustedIps)
     {
-        $request->setTrustedProxies((array) $trustedIps);
+        $request->setTrustedProxies((array) $trustedIps, $this->getTrustedHeaderSet());
     }
 
-    private function setTrustedProxyIpAddressesToTheCallingIp($request) {
-        $request->setTrustedProxies($request->getClientIps());
+    /**
+     * We set the trusted proxy to be the first IP addresses received
+     *
+     * @param $request
+     */
+    private function setTrustedProxyIpAddressesToTheCallingIp($request)
+    {
+        $request->setTrustedProxies($request->getClientIps(), $this->getTrustedHeaderSet());
     }
 
+    /**
+     * Trust all IP Addresses
+     *
+     * @param $request
+     */
     private function setTrustedProxyIpAddressesToAllIps($request)
     {
         // 0.0.0.0/0 is the CIDR for all ipv4 addresses
         // 2000:0:0:0:0:0:0:0/3 is the CIDR for all ipv6 addresses currently
         // allocated http://www.iana.org/assignments/ipv6-unicast-address-assignments/ipv6-unicast-address-assignments.xhtml
-        $request->setTrustedProxies(['0.0.0.0/0', '2000:0:0:0:0:0:0:0/3']);
+        $request->setTrustedProxies(['0.0.0.0/0', '2000:0:0:0:0:0:0:0/3'], $this->getTrustedHeaderSet());
     }
 
     /**
-     * Set the trusted header names based on teh content of trustedproxy.headers
+     * Set the trusted header names based on the content of trustedproxy.headers
+     * Note: Depreciated in Symfony 3.3+, but available for backwards compatibility
      *
+     * @depreciated
      * @param \Illuminate\Http\Request $request
      */
     protected function setTrustedProxyHeaderNames($request)
     {
-        $trustedHeaderNames = $this->headers ?: $this->config->get('trustedproxy.headers');
+        $trustedHeaderNames = $this->getTrustedHeaderNames();
 
         if(!is_array($trustedHeaderNames)) { return; } // Leave the defaults
 
         foreach ($trustedHeaderNames as $headerKey => $headerName) {
             $request->setTrustedHeaderName($headerKey, $headerName);
         }
     }
+
+    /**
+     * Retrieve trusted header names, falling back to defaults if config not set
+     *
+     * @return array Proxy header names to use
+     */
+    protected function getTrustedHeaderNames()
+    {
+        return $this->headers ?: $this->config->get('trustedproxy.headers');
+    }
+
+
+    /**
+     * Construct bit field integer of the header set that setTrustedProxies() expects
+     * @return integer
+     */
+    protected function getTrustedHeaderSet()
+    {
+        return array_reduce(array_keys($this->getTrustedHeaderNames()), function ($set, $key) {
+            return $set | $key;
+        }, 0);
+    }
 }

tests/TrustedProxyTest.php

@@ -33,7 +33,7 @@ public function test_request_does_not_trust()
     public function test_does_trust_trusted_proxy()
     {
         $req = $this->createProxiedRequest();
-        $req->setTrustedProxies(['192.168.10.10']);
+        $req->setTrustedProxies(['192.168.10.10'], Request::HEADER_X_FORWARDED_ALL);
 
         $this->assertEquals('173.174.200.38', $req->getClientIp(), 'Assert trusted proxy x-forwarded-for header used');
         $this->assertEquals('https', $req->getScheme(), 'Assert trusted proxy x-forwarded-proto header used');
@@ -47,7 +47,7 @@ public function test_does_trust_trusted_proxy()
      */
     public function test_trusted_proxy_sets_trusted_proxies_with_wildcard()
     {
-        $trustedProxy = $this->createTrustedProxy([], '*');
+        $trustedProxy = $this->createTrustedProxy([Illuminate\Http\Request::HEADER_CLIENT_IP => 'X_FORWARDED_FOR'], '*');
         $request = $this->createProxiedRequest();
 
         $trustedProxy->handle($request, function ($request) {
@@ -63,7 +63,7 @@ public function test_trusted_proxy_sets_trusted_proxies_with_wildcard()
      */
     public function test_trusted_proxy_sets_trusted_proxies()
     {
-        $trustedProxy = $this->createTrustedProxy([], ['192.168.10.10']);
+        $trustedProxy = $this->createTrustedProxy([Illuminate\Http\Request::HEADER_CLIENT_IP => 'X_FORWARDED_FOR'], ['192.168.10.10']);
         $request = $this->createProxiedRequest();
 
         $trustedProxy->handle($request, function ($request) {
@@ -76,7 +76,7 @@ public function test_trusted_proxy_sets_trusted_proxies()
      */
     public function test_get_client_ips()
     {
-        $trustedProxy = $this->createTrustedProxy([], ['192.168.10.10']);
+        $trustedProxy = $this->createTrustedProxy([Illuminate\Http\Request::HEADER_CLIENT_IP => 'X_FORWARDED_FOR'], ['192.168.10.10']);
 
         $forwardedFor = [
             '192.0.2.2',
@@ -100,7 +100,7 @@ public function test_get_client_ips()
      */
     public function test_get_client_ip_with_muliple_ip_addresses_some_of_which_are_trusted()
     {
-        $trustedProxy = $this->createTrustedProxy([], ['192.168.10.10', '192.0.2.199']);
+        $trustedProxy = $this->createTrustedProxy([Illuminate\Http\Request::HEADER_CLIENT_IP => 'X_FORWARDED_FOR'], ['192.168.10.10', '192.0.2.199']);
 
         $forwardedFor = [
             '192.0.2.2',
@@ -123,7 +123,7 @@ public function test_get_client_ip_with_muliple_ip_addresses_some_of_which_are_t
      */
     public function test_get_client_ip_with_muliple_ip_addresses_all_proxies_are_trusted()
     {
-        $trustedProxy = $this->createTrustedProxy([], '*');
+        $trustedProxy = $this->createTrustedProxy([Illuminate\Http\Request::HEADER_CLIENT_IP => 'X_FORWARDED_FOR'], '*');
 
         $forwardedFor = [
             '192.0.2.2',
@@ -146,7 +146,7 @@ public function test_get_client_ip_with_muliple_ip_addresses_all_proxies_are_tru
      */
     public function test_get_client_ip_with_muliple_ip_addresses_all_proxies_and_all_forwarding_proxies_are_trusted()
     {
-        $trustedProxy = $this->createTrustedProxy([], '**');
+        $trustedProxy = $this->createTrustedProxy([Illuminate\Http\Request::HEADER_CLIENT_IP => 'X_FORWARDED_FOR'], '**');
 
         $forwardedFor = [
             '192.0.2.2',
@@ -235,7 +235,7 @@ protected function createProxiedRequest($serverOverRides = [])
         // which is likely something like this:
         $request = Request::create('http://localhost:8888/tag/proxy', 'GET', [], [], [], $serverOverRides, null);
         // Need to make sure these haven't already been set
-        $request->setTrustedProxies([]);
+        $request->setTrustedProxies([], Request::HEADER_X_FORWARDED_ALL);
 
         return $request;
     }