[HttpFoundation][FrameworkBundle] Revert "trusted proxies" BC break
This commit is contained in:
Nicolas Grekas
parent
c973e8ad00
commit
2132333059
@ -7,7 +7,7 @@ CHANGELOG
|
||||
* Not defining the `type` option of the `framework.workflows.*` configuration entries is deprecated.
|
||||
The default value will be `state_machine` in Symfony 4.0.
|
||||
* Deprecated the `CompilerDebugDumpPass` class
|
||||
* [BC BREAK] Removed the "framework.trusted_proxies" configuration option and the corresponding "kernel.trusted_proxies" parameter
|
||||
* Deprecated the "framework.trusted_proxies" configuration option and the corresponding "kernel.trusted_proxies" parameter
|
||||
* Added a new new version strategy option called json_manifest_path
|
||||
that allows you to use the `JsonManifestVersionStrategy`.
|
||||
* Added `Symfony\Bundle\FrameworkBundle\Controller\AbstractController`. It provides
|
||||
|
||||
@ -65,14 +65,38 @@ class Configuration implements ConfigurationInterface
|
||||
->info("Set true to enable support for the '_method' request parameter to determine the intended HTTP method on POST requests. Note: When using the HttpCache, you need to call the method in your front controller instead")
|
||||
->defaultTrue()
|
||||
->end()
|
||||
->arrayNode('trusted_proxies') // @deprecated in version 3.3, to be removed in 4.0
|
||||
->arrayNode('trusted_proxies')
|
||||
->beforeNormalization()
|
||||
->ifTrue(function ($v) { return empty($v); })
|
||||
->then(function () { @trigger_error('The "framework.trusted_proxies" configuration key has been removed in Symfony 3.3. Use the Request::setTrustedProxies() method in your front controller instead.', E_USER_DEPRECATED); })
|
||||
->ifTrue(function ($v) {
|
||||
@trigger_error('The "framework.trusted_proxies" configuration key has been deprecated in Symfony 3.3. Use the Request::setTrustedProxies() method in your front controller instead.', E_USER_DEPRECATED);
|
||||
|
||||
return !is_array($v) && null !== $v;
|
||||
})
|
||||
->then(function ($v) { return is_bool($v) ? array() : preg_split('/\s*,\s*/', $v); })
|
||||
->end()
|
||||
->beforeNormalization()
|
||||
->ifTrue(function ($v) { return !empty($v); })
|
||||
->thenInvalid('The "framework.trusted_proxies" configuration key has been removed in Symfony 3.3. Use the Request::setTrustedProxies() method in your front controller instead.')
|
||||
->prototype('scalar')
|
||||
->validate()
|
||||
->ifTrue(function ($v) {
|
||||
if (empty($v)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (false !== strpos($v, '/')) {
|
||||
if ('0.0.0.0/0' === $v) {
|
||||
return false;
|
||||
}
|
||||
|
||||
list($v, $mask) = explode('/', $v, 2);
|
||||
|
||||
if (strcmp($mask, (int) $mask) || $mask < 1 || $mask > (false !== strpos($v, ':') ? 128 : 32)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return !filter_var($v, FILTER_VALIDATE_IP);
|
||||
})
|
||||
->thenInvalid('Invalid proxy IP "%s"')
|
||||
->end()
|
||||
->end()
|
||||
->end()
|
||||
->scalarNode('ide')->defaultNull()->end()
|
||||
|
||||
@ -146,6 +146,9 @@ class FrameworkExtension extends Extension
|
||||
|
||||
$container->setParameter('kernel.http_method_override', $config['http_method_override']);
|
||||
$container->setParameter('kernel.trusted_hosts', $config['trusted_hosts']);
|
||||
if ($config['trusted_proxies']) {
|
||||
$container->setParameter('kernel.trusted_proxies', $config['trusted_proxies']);
|
||||
}
|
||||
$container->setParameter('kernel.default_locale', $config['default_locale']);
|
||||
|
||||
if (!$container->hasParameter('debug.file_link_format')) {
|
||||
|
||||
@ -45,7 +45,7 @@ class ConfigurationTest extends TestCase
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
* @expectedDeprecation The "framework.trusted_proxies" configuration key has been removed in Symfony 3.3. Use the Request::setTrustedProxies() method in your front controller instead.
|
||||
* @expectedDeprecation The "framework.trusted_proxies" configuration key has been deprecated in Symfony 3.3. Use the Request::setTrustedProxies() method in your front controller instead.
|
||||
*/
|
||||
public function testTrustedProxiesSetToNullIsDeprecated()
|
||||
{
|
||||
@ -56,7 +56,7 @@ class ConfigurationTest extends TestCase
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
* @expectedDeprecation The "framework.trusted_proxies" configuration key has been removed in Symfony 3.3. Use the Request::setTrustedProxies() method in your front controller instead.
|
||||
* @expectedDeprecation The "framework.trusted_proxies" configuration key has been deprecated in Symfony 3.3. Use the Request::setTrustedProxies() method in your front controller instead.
|
||||
*/
|
||||
public function testTrustedProxiesSetToEmptyArrayIsDeprecated()
|
||||
{
|
||||
@ -66,7 +66,8 @@ class ConfigurationTest extends TestCase
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \InvalidArgumentException
|
||||
* @group legacy
|
||||
* @expectedDeprecation The "framework.trusted_proxies" configuration key has been deprecated in Symfony 3.3. Use the Request::setTrustedProxies() method in your front controller instead.
|
||||
*/
|
||||
public function testTrustedProxiesSetToNonEmptyArrayIsInvalid()
|
||||
{
|
||||
@ -75,6 +76,70 @@ class ConfigurationTest extends TestCase
|
||||
$processor->processConfiguration($configuration, array(array('trusted_proxies' => array('127.0.0.1'))));
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
* @dataProvider getTestValidTrustedProxiesData
|
||||
*/
|
||||
public function testValidTrustedProxies($trustedProxies, $processedProxies)
|
||||
{
|
||||
$processor = new Processor();
|
||||
$configuration = new Configuration(true);
|
||||
$config = $processor->processConfiguration($configuration, array(array(
|
||||
'secret' => 's3cr3t',
|
||||
'trusted_proxies' => $trustedProxies,
|
||||
)));
|
||||
|
||||
$this->assertEquals($processedProxies, $config['trusted_proxies']);
|
||||
}
|
||||
|
||||
public function getTestValidTrustedProxiesData()
|
||||
{
|
||||
return array(
|
||||
array(array('127.0.0.1'), array('127.0.0.1')),
|
||||
array(array('::1'), array('::1')),
|
||||
array(array('127.0.0.1', '::1'), array('127.0.0.1', '::1')),
|
||||
array(null, array()),
|
||||
array(false, array()),
|
||||
array(array(), array()),
|
||||
array(array('10.0.0.0/8'), array('10.0.0.0/8')),
|
||||
array(array('::ffff:0:0/96'), array('::ffff:0:0/96')),
|
||||
array(array('0.0.0.0/0'), array('0.0.0.0/0')),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
* @expectedException \Symfony\Component\Config\Definition\Exception\InvalidConfigurationException
|
||||
*/
|
||||
public function testInvalidTypeTrustedProxies()
|
||||
{
|
||||
$processor = new Processor();
|
||||
$configuration = new Configuration(true);
|
||||
$processor->processConfiguration($configuration, array(
|
||||
array(
|
||||
'secret' => 's3cr3t',
|
||||
'trusted_proxies' => 'Not an IP address',
|
||||
),
|
||||
));
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
* @expectedException \Symfony\Component\Config\Definition\Exception\InvalidConfigurationException
|
||||
*/
|
||||
public function testInvalidValueTrustedProxies()
|
||||
{
|
||||
$processor = new Processor();
|
||||
$configuration = new Configuration(true);
|
||||
|
||||
$processor->processConfiguration($configuration, array(
|
||||
array(
|
||||
'secret' => 's3cr3t',
|
||||
'trusted_proxies' => array('Not an IP address'),
|
||||
),
|
||||
));
|
||||
}
|
||||
|
||||
public function testAssetsCanBeEnabled()
|
||||
{
|
||||
$processor = new Processor();
|
||||
@ -156,6 +221,7 @@ class ConfigurationTest extends TestCase
|
||||
{
|
||||
return array(
|
||||
'http_method_override' => true,
|
||||
'trusted_proxies' => array(),
|
||||
'ide' => null,
|
||||
'default_locale' => 'en',
|
||||
'csrf_protection' => array(
|
||||
|
||||
@ -4,7 +4,7 @@ CHANGELOG
|
||||
3.3.0
|
||||
-----
|
||||
|
||||
* [BC BREAK] the `Request::setTrustedProxies()` method takes a new `$trustedHeaderSet` argument,
|
||||
* the `Request::setTrustedProxies()` method takes a new `$trustedHeaderSet` argument,
|
||||
see http://symfony.com/doc/current/components/http_foundation/trusting_proxies.html for more info,
|
||||
* deprecated the `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()` methods,
|
||||
* added `File\Stream`, to be passed to `BinaryFileResponse` when the size of the served file is unknown,
|
||||
|
||||
@ -581,7 +581,7 @@ class Request
|
||||
* You should only list the reverse proxies that you manage directly.
|
||||
*
|
||||
* @param array $proxies A list of trusted proxies
|
||||
* @param int $trustedHeaderSet A bit field of Request::HEADER_*, usually either Request::HEADER_FORWARDED or Request::HEADER_X_FORWARDED_ALL, to set which headers to trust from your proxies
|
||||
* @param int $trustedHeaderSet A bit field of Request::HEADER_*, to set which headers to trust from your proxies
|
||||
*
|
||||
* @throws \InvalidArgumentException When $trustedHeaderSet is invalid
|
||||
*/
|
||||
@ -590,10 +590,11 @@ class Request
|
||||
self::$trustedProxies = $proxies;
|
||||
|
||||
if (2 > func_num_args()) {
|
||||
// @deprecated code path in 3.3, to be replaced by mandatory argument in 4.0.
|
||||
throw new \InvalidArgumentException(sprintf('The %s() method expects a bit field of Request::HEADER_* as second argument. Defining it is required since version 3.3. See http://symfony.com/doc/current/components/http_foundation/trusting_proxies.html for more info.', __METHOD__));
|
||||
@trigger_error(sprintf('The %s() method expects a bit field of Request::HEADER_* as second argument since version 3.3. Defining it will be required in 4.0. ', __METHOD__), E_USER_DEPRECATED);
|
||||
|
||||
return;
|
||||
}
|
||||
$trustedHeaderSet = func_get_arg(1);
|
||||
$trustedHeaderSet = (int) func_get_arg(1);
|
||||
|
||||
foreach (self::$trustedHeaderNames as $header => $name) {
|
||||
self::$trustedHeaders[$header] = $header & $trustedHeaderSet ? $name : null;
|
||||
@ -665,11 +666,11 @@ class Request
|
||||
*
|
||||
* @throws \InvalidArgumentException
|
||||
*
|
||||
* @deprecated since version 3.3, to be removed in 4.0. Use "X-Forwarded-*" headers or the "Forwarded" header defined in RFC7239, and the $trustedHeaderSet argument of the Request::setTrustedProxies() method instead.
|
||||
* @deprecated since version 3.3, to be removed in 4.0. Use the $trustedHeaderSet argument of the Request::setTrustedProxies() method instead.
|
||||
*/
|
||||
public static function setTrustedHeaderName($key, $value)
|
||||
{
|
||||
@trigger_error(sprintf('The "%s()" method is deprecated since version 3.3 and will be removed in 4.0. Use "X-Forwarded-*" headers or the "Forwarded" header defined in RFC7239, and the $trustedHeaderSet argument of the Request::setTrustedProxies() method instead.', __METHOD__), E_USER_DEPRECATED);
|
||||
@trigger_error(sprintf('The "%s()" method is deprecated since version 3.3 and will be removed in 4.0. Use the $trustedHeaderSet argument of the Request::setTrustedProxies() method instead.', __METHOD__), E_USER_DEPRECATED);
|
||||
|
||||
if (!array_key_exists($key, self::$trustedHeaders)) {
|
||||
throw new \InvalidArgumentException(sprintf('Unable to set the trusted header name for key "%s".', $key));
|
||||
@ -679,6 +680,9 @@ class Request
|
||||
|
||||
if (null !== $value) {
|
||||
self::$trustedHeaderNames[$key] = $value;
|
||||
self::$trustedHeaderSet |= $key;
|
||||
} else {
|
||||
self::$trustedHeaderSet &= ~$key;
|
||||
}
|
||||
}
|
||||
|
||||
@ -886,8 +890,8 @@ class Request
|
||||
* adding the IP address where it received the request from.
|
||||
*
|
||||
* If your reverse proxy uses a different header name than "X-Forwarded-For",
|
||||
* ("Client-Ip" for instance), configure it via "setTrustedHeaderName()" with
|
||||
* the "client-ip" key.
|
||||
* ("Client-Ip" for instance), configure it via the $trustedHeaderSet
|
||||
* argument of the Request::setTrustedProxies() method instead.
|
||||
*
|
||||
* @return string|null The client IP address
|
||||
*
|
||||
@ -993,7 +997,8 @@ class Request
|
||||
* The "X-Forwarded-Port" header must contain the client port.
|
||||
*
|
||||
* If your reverse proxy uses a different header name than "X-Forwarded-Port",
|
||||
* configure it via "setTrustedHeaderName()" with the "client-port" key.
|
||||
* configure it via via the $trustedHeaderSet argument of the
|
||||
* Request::setTrustedProxies() method instead.
|
||||
*
|
||||
* @return int|string can be a string if fetched from the server bag
|
||||
*/
|
||||
@ -1210,8 +1215,8 @@ class Request
|
||||
* The "X-Forwarded-Proto" header must contain the protocol: "https" or "http".
|
||||
*
|
||||
* If your reverse proxy uses a different header name than "X-Forwarded-Proto"
|
||||
* ("SSL_HTTPS" for instance), configure it via "setTrustedHeaderName()" with
|
||||
* the "client-proto" key.
|
||||
* ("SSL_HTTPS" for instance), configure it via the $trustedHeaderSet
|
||||
* argument of the Request::setTrustedProxies() method instead.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
@ -1235,7 +1240,8 @@ class Request
|
||||
* The "X-Forwarded-Host" header must contain the client host name.
|
||||
*
|
||||
* If your reverse proxy uses a different header name than "X-Forwarded-Host",
|
||||
* configure it via "setTrustedHeaderName()" with the "client-host" key.
|
||||
* configure it via the $trustedHeaderSet argument of the
|
||||
* Request::setTrustedProxies() method instead.
|
||||
*
|
||||
* @return string
|
||||
*
|
||||
|
||||
@ -1729,7 +1729,7 @@ class RequestTest extends TestCase
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
* @expectedDeprecation The "Symfony\Component\HttpFoundation\Request::setTrustedHeaderName()" method is deprecated since version 3.3 and will be removed in 4.0. Use "X-Forwarded-*" headers or the "Forwarded" header defined in RFC7239, and the $trustedHeaderSet argument of the Request::setTrustedProxies() method instead.
|
||||
* @expectedDeprecation The "Symfony\Component\HttpFoundation\Request::setTrustedHeaderName()" method is deprecated since version 3.3 and will be removed in 4.0. Use the $trustedHeaderSet argument of the Request::setTrustedProxies() method instead.
|
||||
*/
|
||||
public function testLegacyTrustedProxies()
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user