Compatibility with Symfony 3.3+, with backwards compatibility #70
Changes from 3 commits
14e8ce6
92f1a85
423ed46
86f1e77
8597264
3d3b995
5596f05
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -71,6 +71,9 @@ protected function setTrustedProxyIpAddresses($request) | |
|
||
// We trust any IP address that calls us, but not proxies further | ||
// up the forwarding chain. | ||
// todo: Determine if this should only trust the first IP address | ||
// Currently it trusts the entire chain (array of IPs), | ||
// potentially making the "**" convention redundant. | ||
if ($trustedIps === '*') { | ||
return $this->setTrustedProxyIpAddressesToTheCallingIp($request); | ||
} | ||
|
@@ -83,36 +86,59 @@ protected function setTrustedProxyIpAddresses($request) | |
} | ||
} | ||
|
||
/** | ||
* We specify the IP addresses to trust explicitly | ||
* @param $request | ||
* @param $trustedIps | ||
*/ | ||
private function setTrustedProxyIpAddressesToSpecificIps($request, $trustedIps) | ||
{ | ||
$request->setTrustedProxies((array) $trustedIps); | ||
$request->setTrustedProxies((array) $trustedIps, $this->getTrustedHeaderNames()); | ||
} | ||
|
||
private function setTrustedProxyIpAddressesToTheCallingIp($request) { | ||
$request->setTrustedProxies($request->getClientIps()); | ||
/** | ||
* We set the trusted proxy to be the first IP addresses received | ||
* @param $request | ||
*/ | ||
private function setTrustedProxyIpAddressesToTheCallingIp($request) | ||
{ | ||
$request->setTrustedProxies($request->getClientIps(), $this->getTrustedHeaderNames()); | ||
} | ||
|
||
/** | ||
* Trust all IP Addresses | ||
* @param $request | ||
*/ | ||
private function setTrustedProxyIpAddressesToAllIps($request) | ||
{ | ||
// 0.0.0.0/0 is the CIDR for all ipv4 addresses | ||
// 2000:0:0:0:0:0:0:0/3 is the CIDR for all ipv6 addresses currently | ||
// allocated http://www.iana.org/assignments/ipv6-unicast-address-assignments/ipv6-unicast-address-assignments.xhtml | ||
$request->setTrustedProxies(['0.0.0.0/0', '2000:0:0:0:0:0:0:0/3']); | ||
$request->setTrustedProxies(['0.0.0.0/0', '2000:0:0:0:0:0:0:0/3'], $this->getTrustedHeaderNames()); | ||
} | ||
|
||
/** | ||
* Set the trusted header names based on teh content of trustedproxy.headers | ||
* | ||
* Set the trusted header names based on the content of trustedproxy.headers | ||
* Note: Depreciated in Symfony 3.3+, but available for backwards compatibility | ||
Typo (Depreciated) 😄
You can use the deprecated tag for this kind of info |
||
* @param \Illuminate\Http\Request $request | ||
*/ | ||
protected function setTrustedProxyHeaderNames($request) | ||
{ | ||
$trustedHeaderNames = $this->headers ?: $this->config->get('trustedproxy.headers'); | ||
$trustedHeaderNames = $this->getTrustedHeaderNames(); | ||
|
||
if(!is_array($trustedHeaderNames)) { return; } // Leave the defaults | ||
|
||
foreach ($trustedHeaderNames as $headerKey => $headerName) { | ||
$request->setTrustedHeaderName($headerKey, $headerName); | ||
} | ||
} | ||
|
||
/** | ||
* Retrieve trusted header names | ||
* @return mixed | ||
we can probably be more specific here
Thinking something like "get trusted header names, falling back to defaults if not found in config" ?
I was meaning with the return type. :)
While it could technically return anything, we should document it to return what we actually expect it to return. |
||
*/ | ||
protected function getTrustedHeaderNames() | ||
{ | ||
return $this->headers ?: $this->config->get('trustedproxy.headers'); | ||
} | ||
} |
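Review bot: In `setTrustedProxyIpAddressesToTheCallingIp` the trusted set is still taken from `$request->getClientIps()`, the call the new todo in the first hunk is unsure about; as far as I recall, once any proxy is already trusted that list is derived from the forwarding headers the client supplies, not from the peer that opened the connection. That contradicts the new docblock ("the first IP addresses received") and can extend trust to addresses the application never saw connect, which defeats the purpose of the `*` setting. Pinning the value to the socket peer would settle the todo: `$request->setTrustedProxies([$request->server->get('REMOTE_ADDR')], $this->getTrustedHeaderNames());`. Separately, the value of `getTrustedHeaderNames()` is iterated as an array in `setTrustedProxyHeaderNames` but passed as the second argument to `setTrustedProxies`, which Symfony 3.3+ appears to expect as an integer header bitmask, so its type should be checked on both paths, including the case where the config key is absent.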
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Missing newline and full stop in each case.