[BC BREAK][HttpFoundation] Request::setTrustedProxies() takes a new required $trustedHeaderSet argument
This commit is contained in:
parent
e3d99649aa
commit
72e28957e2
@ -207,9 +207,8 @@ FrameworkBundle
|
|||||||
HttpFoundation
|
HttpFoundation
|
||||||
--------------
|
--------------
|
||||||
|
|
||||||
* The `Request::setTrustedProxies()` method takes a new `$trustedHeaderSet` argument - not setting it is deprecated.
|
* [BC BREAK] The `Request::setTrustedProxies()` method takes a new `$trustedHeaderSet` argument.
|
||||||
Set it to `Request::HEADER_FORWARDED` if your reverse-proxy uses the RFC7239 `Forwarded` header,
|
See http://symfony.com/doc/current/components/http_foundation/trusting_proxies.html for more info.
|
||||||
or to `Request::HEADER_X_FORWARDED_ALL` if it is using `X-Forwarded-*` headers instead.
|
|
||||||
|
|
||||||
* The `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()` methods are deprecated,
|
* The `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()` methods are deprecated,
|
||||||
use the RFC7239 `Forwarded` header, or the `X-Forwarded-*` headers instead.
|
use the RFC7239 `Forwarded` header, or the `X-Forwarded-*` headers instead.
|
||||||
|
@ -300,8 +300,7 @@ HttpFoundation
|
|||||||
--------------
|
--------------
|
||||||
|
|
||||||
* The `Request::setTrustedProxies()` method takes a new `$trustedHeaderSet` argument.
|
* The `Request::setTrustedProxies()` method takes a new `$trustedHeaderSet` argument.
|
||||||
Set it to `Request::HEADER_FORWARDED` if your reverse-proxy uses the RFC7239 `Forwarded` header,
|
See http://symfony.com/doc/current/components/http_foundation/trusting_proxies.html for more info.
|
||||||
or to `Request::HEADER_X_FORWARDED_ALL` if it is using `X-Forwarded-*` headers instead.
|
|
||||||
|
|
||||||
* The `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()` methods have been removed.
|
* The `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()` methods have been removed.
|
||||||
|
|
||||||
|
@ -4,6 +4,7 @@ CHANGELOG
|
|||||||
3.3.0
|
3.3.0
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
* [BC BREAK] Removed the "framework.trusted_proxies" configuration option and the corresponding "kernel.trusted_proxies" parameter
|
||||||
* Added a new new version strategy option called json_manifest_path
|
* Added a new new version strategy option called json_manifest_path
|
||||||
that allows you to use the `JsonManifestVersionStrategy`.
|
that allows you to use the `JsonManifestVersionStrategy`.
|
||||||
* Added `Symfony\Bundle\FrameworkBundle\Controller\AbstractController`. It provides
|
* Added `Symfony\Bundle\FrameworkBundle\Controller\AbstractController`. It provides
|
||||||
@ -11,7 +12,6 @@ CHANGELOG
|
|||||||
injection container, in order to encourage explicit dependency declarations.
|
injection container, in order to encourage explicit dependency declarations.
|
||||||
* Added support for the `controller.service_arguments` tag, for injecting services into controllers' actions
|
* Added support for the `controller.service_arguments` tag, for injecting services into controllers' actions
|
||||||
* Deprecated `cache:clear` with warmup (always call it with `--no-warmup`)
|
* Deprecated `cache:clear` with warmup (always call it with `--no-warmup`)
|
||||||
* Deprecated the "framework.trusted_proxies" configuration option and the corresponding "kernel.trusted_proxies" parameter
|
|
||||||
* Changed default configuration for
|
* Changed default configuration for
|
||||||
assets/forms/validation/translation/serialization/csrf from `canBeEnabled()` to
|
assets/forms/validation/translation/serialization/csrf from `canBeEnabled()` to
|
||||||
`canBeDisabled()` when Flex is used
|
`canBeDisabled()` when Flex is used
|
||||||
|
@ -59,48 +59,16 @@ class Configuration implements ConfigurationInterface
|
|||||||
return $v;
|
return $v;
|
||||||
})
|
})
|
||||||
->end()
|
->end()
|
||||||
->beforeNormalization()
|
|
||||||
->ifTrue(function ($v) { return isset($v['trusted_proxies']); })
|
|
||||||
->then(function ($v) {
|
|
||||||
@trigger_error('The "framework.trusted_proxies" configuration key is deprecated since version 3.3 and will be removed in 4.0. Use the Request::setTrustedProxies() method in your front controller instead.', E_USER_DEPRECATED);
|
|
||||||
|
|
||||||
return $v;
|
|
||||||
})
|
|
||||||
->end()
|
|
||||||
->children()
|
->children()
|
||||||
->scalarNode('secret')->end()
|
->scalarNode('secret')->end()
|
||||||
->scalarNode('http_method_override')
|
->scalarNode('http_method_override')
|
||||||
->info("Set true to enable support for the '_method' request parameter to determine the intended HTTP method on POST requests. Note: When using the HttpCache, you need to call the method in your front controller instead")
|
->info("Set true to enable support for the '_method' request parameter to determine the intended HTTP method on POST requests. Note: When using the HttpCache, you need to call the method in your front controller instead")
|
||||||
->defaultTrue()
|
->defaultTrue()
|
||||||
->end()
|
->end()
|
||||||
->arrayNode('trusted_proxies')
|
->arrayNode('trusted_proxies') // @deprecated in version 3.3, to be removed in 4.0
|
||||||
->beforeNormalization()
|
->beforeNormalization()
|
||||||
->ifTrue(function ($v) { return !is_array($v) && null !== $v; })
|
->always()
|
||||||
->then(function ($v) { return is_bool($v) ? array() : preg_split('/\s*,\s*/', $v); })
|
->thenInvalid('The "framework.trusted_proxies" configuration key has been removed in Symfony 3.3. Use the Request::setTrustedProxies() method in your front controller instead.')
|
||||||
->end()
|
|
||||||
->prototype('scalar')
|
|
||||||
->validate()
|
|
||||||
->ifTrue(function ($v) {
|
|
||||||
if (empty($v)) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (false !== strpos($v, '/')) {
|
|
||||||
if ('0.0.0.0/0' === $v) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
list($v, $mask) = explode('/', $v, 2);
|
|
||||||
|
|
||||||
if (strcmp($mask, (int) $mask) || $mask < 1 || $mask > (false !== strpos($v, ':') ? 128 : 32)) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return !filter_var($v, FILTER_VALIDATE_IP);
|
|
||||||
})
|
|
||||||
->thenInvalid('Invalid proxy IP "%s"')
|
|
||||||
->end()
|
|
||||||
->end()
|
->end()
|
||||||
->end()
|
->end()
|
||||||
->scalarNode('ide')->defaultNull()->end()
|
->scalarNode('ide')->defaultNull()->end()
|
||||||
|
@ -124,7 +124,6 @@ class FrameworkExtension extends Extension
|
|||||||
|
|
||||||
$container->setParameter('kernel.http_method_override', $config['http_method_override']);
|
$container->setParameter('kernel.http_method_override', $config['http_method_override']);
|
||||||
$container->setParameter('kernel.trusted_hosts', $config['trusted_hosts']);
|
$container->setParameter('kernel.trusted_hosts', $config['trusted_hosts']);
|
||||||
$container->setParameter('kernel.trusted_proxies', $config['trusted_proxies']);
|
|
||||||
$container->setParameter('kernel.default_locale', $config['default_locale']);
|
$container->setParameter('kernel.default_locale', $config['default_locale']);
|
||||||
|
|
||||||
if (!$container->hasParameter('debug.file_link_format')) {
|
if (!$container->hasParameter('debug.file_link_format')) {
|
||||||
|
@ -61,11 +61,13 @@ class FrameworkBundle extends Bundle
|
|||||||
{
|
{
|
||||||
ErrorHandler::register(null, false)->throwAt($this->container->getParameter('debug.error_handler.throw_at'), true);
|
ErrorHandler::register(null, false)->throwAt($this->container->getParameter('debug.error_handler.throw_at'), true);
|
||||||
|
|
||||||
if ($trustedProxies = $this->container->getParameter('kernel.trusted_proxies')) {
|
if ($this->container->hasParameter('kernel.trusted_proxies')) {
|
||||||
@trigger_error('The "kernel.trusted_proxies" parameter is deprecated since version 3.3 and will be removed in 4.0. Use the Request::setTrustedProxies() method in your front controller instead.', E_USER_DEPRECATED);
|
@trigger_error('The "kernel.trusted_proxies" parameter is deprecated since version 3.3 and will be removed in 4.0. Use the Request::setTrustedProxies() method in your front controller instead.', E_USER_DEPRECATED);
|
||||||
|
|
||||||
|
if ($trustedProxies = $this->container->getParameter('kernel.trusted_proxies')) {
|
||||||
Request::setTrustedProxies($trustedProxies, Request::getTrustedHeaderSet());
|
Request::setTrustedProxies($trustedProxies, Request::getTrustedHeaderSet());
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if ($this->container->getParameter('kernel.http_method_override')) {
|
if ($this->container->getParameter('kernel.http_method_override')) {
|
||||||
Request::enableHttpMethodParameterOverride();
|
Request::enableHttpMethodParameterOverride();
|
||||||
|
@ -43,70 +43,6 @@ class ConfigurationTest extends TestCase
|
|||||||
$this->assertEquals(array('FrameworkBundle:Form'), $config['templating']['form']['resources']);
|
$this->assertEquals(array('FrameworkBundle:Form'), $config['templating']['form']['resources']);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* @group legacy
|
|
||||||
* @dataProvider getTestValidTrustedProxiesData
|
|
||||||
*/
|
|
||||||
public function testValidTrustedProxies($trustedProxies, $processedProxies)
|
|
||||||
{
|
|
||||||
$processor = new Processor();
|
|
||||||
$configuration = new Configuration(true);
|
|
||||||
$config = $processor->processConfiguration($configuration, array(array(
|
|
||||||
'secret' => 's3cr3t',
|
|
||||||
'trusted_proxies' => $trustedProxies,
|
|
||||||
)));
|
|
||||||
|
|
||||||
$this->assertEquals($processedProxies, $config['trusted_proxies']);
|
|
||||||
}
|
|
||||||
|
|
||||||
public function getTestValidTrustedProxiesData()
|
|
||||||
{
|
|
||||||
return array(
|
|
||||||
array(array('127.0.0.1'), array('127.0.0.1')),
|
|
||||||
array(array('::1'), array('::1')),
|
|
||||||
array(array('127.0.0.1', '::1'), array('127.0.0.1', '::1')),
|
|
||||||
array(null, array()),
|
|
||||||
array(false, array()),
|
|
||||||
array(array(), array()),
|
|
||||||
array(array('10.0.0.0/8'), array('10.0.0.0/8')),
|
|
||||||
array(array('::ffff:0:0/96'), array('::ffff:0:0/96')),
|
|
||||||
array(array('0.0.0.0/0'), array('0.0.0.0/0')),
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @group legacy
|
|
||||||
* @expectedException \Symfony\Component\Config\Definition\Exception\InvalidConfigurationException
|
|
||||||
*/
|
|
||||||
public function testInvalidTypeTrustedProxies()
|
|
||||||
{
|
|
||||||
$processor = new Processor();
|
|
||||||
$configuration = new Configuration(true);
|
|
||||||
$processor->processConfiguration($configuration, array(
|
|
||||||
array(
|
|
||||||
'secret' => 's3cr3t',
|
|
||||||
'trusted_proxies' => 'Not an IP address',
|
|
||||||
),
|
|
||||||
));
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @group legacy
|
|
||||||
* @expectedException \Symfony\Component\Config\Definition\Exception\InvalidConfigurationException
|
|
||||||
*/
|
|
||||||
public function testInvalidValueTrustedProxies()
|
|
||||||
{
|
|
||||||
$processor = new Processor();
|
|
||||||
$configuration = new Configuration(true);
|
|
||||||
|
|
||||||
$processor->processConfiguration($configuration, array(
|
|
||||||
array(
|
|
||||||
'secret' => 's3cr3t',
|
|
||||||
'trusted_proxies' => array('Not an IP address'),
|
|
||||||
),
|
|
||||||
));
|
|
||||||
}
|
|
||||||
|
|
||||||
public function testAssetsCanBeEnabled()
|
public function testAssetsCanBeEnabled()
|
||||||
{
|
{
|
||||||
$processor = new Processor();
|
$processor = new Processor();
|
||||||
@ -188,7 +124,6 @@ class ConfigurationTest extends TestCase
|
|||||||
{
|
{
|
||||||
return array(
|
return array(
|
||||||
'http_method_override' => true,
|
'http_method_override' => true,
|
||||||
'trusted_proxies' => array(),
|
|
||||||
'ide' => null,
|
'ide' => null,
|
||||||
'default_locale' => 'en',
|
'default_locale' => 'en',
|
||||||
'csrf_protection' => array(
|
'csrf_protection' => array(
|
||||||
|
@ -4,7 +4,8 @@ CHANGELOG
|
|||||||
3.3.0
|
3.3.0
|
||||||
-----
|
-----
|
||||||
|
|
||||||
* added `$trustedHeaderSet` argument to `Request::setTrustedProxies()` - deprecate not setting it,
|
* [BC BREAK] the `Request::setTrustedProxies()` method takes a new `$trustedHeaderSet` argument,
|
||||||
|
see http://symfony.com/doc/current/components/http_foundation/trusting_proxies.html for more info,
|
||||||
* deprecated the `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()` methods,
|
* deprecated the `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()` methods,
|
||||||
* added `File\Stream`, to be passed to `BinaryFileResponse` when the size of the served file is unknown,
|
* added `File\Stream`, to be passed to `BinaryFileResponse` when the size of the served file is unknown,
|
||||||
disabling `Range` and `Content-Length` handling, switching to chunked encoding instead
|
disabling `Range` and `Content-Length` handling, switching to chunked encoding instead
|
||||||
|
@ -589,9 +589,8 @@ class Request
|
|||||||
self::$trustedProxies = $proxies;
|
self::$trustedProxies = $proxies;
|
||||||
|
|
||||||
if (2 > func_num_args()) {
|
if (2 > func_num_args()) {
|
||||||
@trigger_error(sprintf('The %s() method expects a bit field of Request::HEADER_* as second argument. Not defining it is deprecated since version 3.3 and will be required in 4.0.', __METHOD__), E_USER_DEPRECATED);
|
// @deprecated code path in 3.3, to be replaced by mandatory argument in 4.0.
|
||||||
|
throw new \InvalidArgumentException(sprintf('The %s() method expects a bit field of Request::HEADER_* as second argument. Defining it is required since version 3.3. See http://symfony.com/doc/current/components/http_foundation/trusting_proxies.html for more info.', __METHOD__));
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
$trustedHeaderSet = func_get_arg(1);
|
$trustedHeaderSet = func_get_arg(1);
|
||||||
|
|
||||||
|
@ -2125,22 +2125,6 @@ class RequestTest extends TestCase
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* @group legacy
|
|
||||||
* @expectedDeprecation The Symfony\Component\HttpFoundation\Request::setTrustedProxies() method expects a bit field of Request::HEADER_* as second argument. Not defining it is deprecated since version 3.3 and will be required in 4.0.
|
|
||||||
* @expectedDeprecation The "Symfony\Component\HttpFoundation\Request::getTrustedHeaderName()" method is deprecated since version 3.3 and will be removed in 4.0. Use the Request::getTrustedHeaderSet() method instead.
|
|
||||||
*/
|
|
||||||
public function testSetTrustedProxiesNoSecondArg()
|
|
||||||
{
|
|
||||||
Request::setTrustedProxies(array('8.8.8.8'));
|
|
||||||
|
|
||||||
$this->assertSame('FORWARDED', Request::getTrustedHeaderName(Request::HEADER_FORWARDED));
|
|
||||||
$this->assertSame('X_FORWARDED_FOR', Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP));
|
|
||||||
$this->assertSame('X_FORWARDED_HOST', Request::getTrustedHeaderName(Request::HEADER_CLIENT_HOST));
|
|
||||||
$this->assertSame('X_FORWARDED_PORT', Request::getTrustedHeaderName(Request::HEADER_CLIENT_PORT));
|
|
||||||
$this->assertSame('X_FORWARDED_PROTO', Request::getTrustedHeaderName(Request::HEADER_CLIENT_PROTO));
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @group legacy
|
* @group legacy
|
||||||
*/
|
*/
|
||||||
|
Reference in New Issue
Block a user