Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
[HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer. #26973
SubRequest used in
@nicolas-grekas probably yes, but I think that it might be tricky.
At first, it would be necessary to change this line: https://github.com/kmadejski/symfony/blob/3b3d5903109feadbdf4b40fb9f11929cdcc617ac/src/Symfony/Component/HttpKernel/Fragment/InlineFragmentRenderer.php#L79 and store
Secondly, we would have to set some flag because
Of course, if you think that it's a good idea then I can try to do the change as described.
Alternatively, could we skip setting it? Tried to check blame a few rounds back for why ip is set to localhost in the first place, but seems to have been added when logic was moved in #6459. So not sure why it's done like that, but back then localhost seems to have been considered trusted: https://github.com/symfony/symfony/pull/6459/files#diff-5a6abcbb3081371c8f5e3b9434c1ec18R87
added a commit
this pull request
May 27, 2018
@artursvonda it seems that you are right. As a workaround, for now, you can simply set
@nicolas-grekas I think that dealing with getting the first valid IP within given CIDR is too much for
If you agree then I will create a new PR with the proposed change.