[HttpFoundation] Add $trustedHeaderSet arg to Request::setTrustedProxies() - deprecate not setting it
parent
3023e4b707
commit
d3c960493c
@ -126,6 +126,9 @@ FrameworkBundle
|
||||
* The `cache:clear` command should always be called with the `--no-warmup` option.
|
||||
Warmup should be done via the `cache:warmup` command.
|
||||
|
||||
* The "framework.trusted_proxies" configuration option and the corresponding "kernel.trusted_proxies" parameter have been deprecated and will be removed in 4.0. Use the Request::setTrustedProxies() method in your front controller instead.
|
||||
|
||||
|
||||
* The `Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\AddConsoleCommandPass` has been deprecated. Use `Symfony\Component\Console\DependencyInjection\AddConsoleCommandPass` instead.
|
||||
|
||||
* The `Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\SerializerPass` class has been
|
||||
@ -175,14 +178,24 @@ FrameworkBundle
|
||||
class has been deprecated and will be removed in 4.0. Use the
|
||||
`Symfony\Component\Routing\DependencyInjection\RoutingResolverPass` class instead.
|
||||
|
||||
* The `server:run`, `server:start`, `server:stop` and
|
||||
`server:status` console commands have been moved to a dedicated bundle.
|
||||
Require `symfony/web-server-bundle` in your composer.json and register
|
||||
* The `server:run`, `server:start`, `server:stop` and
|
||||
`server:status` console commands have been moved to a dedicated bundle.
|
||||
Require `symfony/web-server-bundle` in your composer.json and register
|
||||
`Symfony\Bundle\WebServerBundle\WebServerBundle` in your AppKernel to use them.
|
||||
|
||||
* The `Symfony\Bundle\FrameworkBundle\Translation\Translator` constructor now takes the
|
||||
default locale as 3rd argument. Not passing it will trigger an error in 4.0.
|
||||
|
||||
HttpFoundation
|
||||
--------------
|
||||
|
||||
* The `Request::setTrustedProxies()` method takes a new `$trustedHeaderSet` argument - not setting it is deprecated.
|
||||
Set it to `Request::HEADER_FORWARDED` if your reverse-proxy uses the RFC7239 `Forwarded` header,
|
||||
or to `Request::HEADER_X_FORWARDED_ALL` if it is using `X-Forwarded-*` headers instead.
|
||||
|
||||
* The `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()` methods are deprecated,
|
||||
use the RFC7239 `Forwarded` header, or the `X-Forwarded-*` headers instead.
|
||||
|
||||
HttpKernel
|
||||
-----------
|
||||
|
||||
|
@ -190,6 +190,8 @@ FrameworkBundle
|
||||
* The `cache:clear` command does not warmup the cache anymore. Warmup should
|
||||
be done via the `cache:warmup` command.
|
||||
|
||||
* The "framework.trusted_proxies" configuration option and the corresponding "kernel.trusted_proxies" parameter have been removed. Use the `Request::setTrustedProxies()` method in your front controller instead.
|
||||
|
||||
* Support for absolute template paths has been removed.
|
||||
|
||||
* The following form types registered as services have been removed; use their
|
||||
@ -280,6 +282,15 @@ FrameworkBundle
|
||||
HttpFoundation
|
||||
---------------
|
||||
|
||||
HttpFoundation
|
||||
--------------
|
||||
|
||||
* The `Request::setTrustedProxies()` method takes a new `$trustedHeaderSet` argument.
|
||||
Set it to `Request::HEADER_FORWARDED` if your reverse-proxy uses the RFC7239 `Forwarded` header,
|
||||
or to `Request::HEADER_X_FORWARDED_ALL` if it is using `X-Forwarded-*` headers instead.
|
||||
|
||||
* The `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()` methods have been removed.
|
||||
|
||||
* Extending the following methods of `Response`
|
||||
is no longer possible (these methods are now `final`):
|
||||
|
||||
|
@ -36,7 +36,7 @@ class WebProcessorTest extends TestCase
|
||||
|
||||
public function testUseRequestClientIp()
|
||||
{
|
||||
Request::setTrustedProxies(array('192.168.0.1'));
|
||||
Request::setTrustedProxies(array('192.168.0.1'), Request::HEADER_X_FORWARDED_ALL);
|
||||
list($event, $server) = $this->createRequestEvent(array('X_FORWARDED_FOR' => '192.168.0.2'));
|
||||
|
||||
$processor = new WebProcessor();
|
||||
|
@ -25,6 +25,9 @@
|
||||
"symfony/event-dispatcher": "~2.8|~3.0",
|
||||
"symfony/var-dumper": "~3.3"
|
||||
},
|
||||
"conflict": {
|
||||
"symfony/http-foundation": "<3.3"
|
||||
},
|
||||
"suggest": {
|
||||
"symfony/http-kernel": "For using the debugging handlers together with the response life cycle of the HTTP kernel.",
|
||||
"symfony/console": "For the possibility to show log messages in console commands depending on verbosity settings. You need version ~2.3 of the console for it.",
|
||||
|
@ -5,6 +5,7 @@ CHANGELOG
|
||||
-----
|
||||
|
||||
* Deprecated `cache:clear` with warmup (always call it with `--no-warmup`)
|
||||
* Deprecated the "framework.trusted_proxies" configuration option and the corresponding "kernel.trusted_proxies" parameter
|
||||
* Changed default configuration for
|
||||
assets/forms/validation/translation/serialization/csrf from `canBeEnabled()` to
|
||||
`canBeDisabled()` when Flex is used
|
||||
|
@ -18,6 +18,7 @@ use Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition;
|
||||
use Symfony\Component\Config\Definition\Builder\TreeBuilder;
|
||||
use Symfony\Component\Config\Definition\ConfigurationInterface;
|
||||
use Symfony\Component\Form\Form;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\Serializer\Serializer;
|
||||
use Symfony\Component\Translation\Translator;
|
||||
use Symfony\Component\Validator\Validation;
|
||||
@ -58,6 +59,14 @@ class Configuration implements ConfigurationInterface
|
||||
return $v;
|
||||
})
|
||||
->end()
|
||||
->beforeNormalization()
|
||||
->ifTrue(function ($v) { return isset($v['trusted_proxies']); })
|
||||
->then(function ($v) {
|
||||
@trigger_error('The "framework.trusted_proxies" configuration key is deprecated since version 3.3 and will be removed in 4.0. Use the Request::setTrustedProxies() method in your front controller instead.', E_USER_DEPRECATED);
|
||||
|
||||
return $v;
|
||||
})
|
||||
->end()
|
||||
->children()
|
||||
->scalarNode('secret')->end()
|
||||
->scalarNode('http_method_override')
|
||||
|
@ -60,7 +60,9 @@ class FrameworkBundle extends Bundle
|
||||
ErrorHandler::register(null, false)->throwAt($this->container->getParameter('debug.error_handler.throw_at'), true);
|
||||
|
||||
if ($trustedProxies = $this->container->getParameter('kernel.trusted_proxies')) {
|
||||
Request::setTrustedProxies($trustedProxies);
|
||||
@trigger_error('The "kernel.trusted_proxies" parameter is deprecated since version 3.3 and will be removed in 4.0. Use the Request::setTrustedProxies() method in your front controller instead.', E_USER_DEPRECATED);
|
||||
|
||||
Request::setTrustedProxies($trustedProxies, Request::getTrustedHeaderSet());
|
||||
}
|
||||
|
||||
if ($this->container->getParameter('kernel.http_method_override')) {
|
||||
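Review bot: Passing `Request::getTrustedHeaderSet()` as the second argument means that, unless the front controller has already chosen a header set, the value is the default `-1`, so `Forwarded` and every `X-Forwarded-*` header stay trusted from the configured proxies. That preserves the old behaviour, but a proxy that rewrites only one header family leaves the other one client-controlled. The call deserves a comment such as `// BC: -1 trusts all forwarding headers until the app picks HEADER_FORWARDED or HEADER_X_FORWARDED_ALL`, and the deprecation message could mention choosing a header set. The enclosing method starts and ends outside this hunk.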
|
@ -43,6 +43,7 @@ class ConfigurationTest extends TestCase
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
* @dataProvider getTestValidTrustedProxiesData
|
||||
*/
|
||||
public function testValidTrustedProxies($trustedProxies, $processedProxies)
|
||||
@ -73,6 +74,7 @@ class ConfigurationTest extends TestCase
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
* @expectedException \Symfony\Component\Config\Definition\Exception\InvalidConfigurationException
|
||||
*/
|
||||
public function testInvalidTypeTrustedProxies()
|
||||
@ -88,6 +90,7 @@ class ConfigurationTest extends TestCase
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
* @expectedException \Symfony\Component\Config\Definition\Exception\InvalidConfigurationException
|
||||
*/
|
||||
public function testInvalidValueTrustedProxies()
|
||||
|
@ -10,7 +10,6 @@ $container->loadFromExtension('framework', array(
|
||||
),
|
||||
),
|
||||
'http_method_override' => false,
|
||||
'trusted_proxies' => array('127.0.0.1', '10.0.0.1'),
|
||||
'esi' => array(
|
||||
'enabled' => true,
|
||||
),
|
||||
|
@ -6,7 +6,7 @@
|
||||
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd
|
||||
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
|
||||
|
||||
<framework:config secret="s3cr3t" ide="file%%link%%format" default-locale="fr" trusted-proxies="127.0.0.1, 10.0.0.1" http-method-override="false">
|
||||
<framework:config secret="s3cr3t" ide="file%%link%%format" default-locale="fr" http-method-override="false">
|
||||
<framework:csrf-protection />
|
||||
<framework:form>
|
||||
<framework:csrf-protection field-name="_csrf"/>
|
||||
|
@ -6,7 +6,6 @@ framework:
|
||||
csrf_protection:
|
||||
field_name: _csrf
|
||||
http_method_override: false
|
||||
trusted_proxies: ['127.0.0.1', '10.0.0.1']
|
||||
esi:
|
||||
enabled: true
|
||||
profiler:
|
||||
|
@ -119,13 +119,6 @@ abstract class FrameworkExtensionTest extends TestCase
|
||||
$this->assertTrue($container->hasDefinition('security.csrf.token_manager'));
|
||||
}
|
||||
|
||||
public function testProxies()
|
||||
{
|
||||
$container = $this->createContainerFromFile('full');
|
||||
|
||||
$this->assertEquals(array('127.0.0.1', '10.0.0.1'), $container->getParameter('kernel.trusted_proxies'));
|
||||
}
|
||||
|
||||
public function testHttpMethodOverride()
|
||||
{
|
||||
$container = $this->createContainerFromFile('full');
|
||||
|
@ -4,6 +4,8 @@ CHANGELOG
|
||||
3.3.0
|
||||
-----
|
||||
|
||||
* added `$trustedHeaderSet` argument to `Request::setTrustedProxies()` - deprecate not setting it,
|
||||
* deprecated the `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()` methods,
|
||||
* added `File\Stream`, to be passed to `BinaryFileResponse` when the size of the served file is unknown,
|
||||
disabling `Range` and `Content-Length` handling, switching to chunked encoding instead
|
||||
* added the `Cookie::fromString()` method that allows to create a cookie from a
|
||||
|
@ -30,11 +30,21 @@ use Symfony\Component\HttpFoundation\Session\SessionInterface;
|
||||
*/
|
||||
class Request
|
||||
{
|
||||
const HEADER_FORWARDED = 'forwarded';
|
||||
const HEADER_CLIENT_IP = 'client_ip';
|
||||
const HEADER_CLIENT_HOST = 'client_host';
|
||||
const HEADER_CLIENT_PROTO = 'client_proto';
|
||||
const HEADER_CLIENT_PORT = 'client_port';
|
||||
const HEADER_FORWARDED = 0b00001;
|
||||
const HEADER_X_FORWARDED_ALL = 0b11110;
|
||||
const HEADER_X_FORWARDED_FOR = 2;
|
||||
const HEADER_X_FORWARDED_HOST = 4;
|
||||
const HEADER_X_FORWARDED_PROTO = 8;
|
||||
const HEADER_X_FORWARDED_PORT = 16;
|
||||
|
||||
/** @deprecated since version 3.3, to be removed in 4.0 */
|
||||
const HEADER_CLIENT_IP = self::HEADER_X_FORWARDED_FOR;
|
||||
/** @deprecated since version 3.3, to be removed in 4.0 */
|
||||
const HEADER_CLIENT_HOST = self::HEADER_X_FORWARDED_HOST;
|
||||
/** @deprecated since version 3.3, to be removed in 4.0 */
|
||||
const HEADER_CLIENT_PROTO = self::HEADER_X_FORWARDED_PROTO;
|
||||
/** @deprecated since version 3.3, to be removed in 4.0 */
|
||||
const HEADER_CLIENT_PORT = self::HEADER_X_FORWARDED_PORT;
|
||||
|
||||
const METHOD_HEAD = 'HEAD';
|
||||
const METHOD_GET = 'GET';
|
||||
@ -70,6 +80,8 @@ class Request
|
||||
*
|
||||
* The other headers are non-standard, but widely used
|
||||
* by popular reverse proxies (like Apache mod_proxy or Amazon EC2).
|
||||
*
|
||||
* @deprecated since version 3.3, to be removed in 4.0
|
||||
*/
|
||||
protected static $trustedHeaders = array(
|
||||
self::HEADER_FORWARDED => 'FORWARDED',
|
||||
@ -210,6 +222,17 @@ class Request
|
||||
private $isHostValid = true;
|
||||
private $isClientIpsValid = true;
|
||||
|
||||
private static $trustedHeaderSet = -1;
|
||||
|
||||
/** @deprecated since version 3.3, to be removed in 4.0 */
|
||||
private static $trustedHeaderNames = array(
|
||||
self::HEADER_FORWARDED => 'FORWARDED',
|
||||
self::HEADER_CLIENT_IP => 'X_FORWARDED_FOR',
|
||||
self::HEADER_CLIENT_HOST => 'X_FORWARDED_HOST',
|
||||
self::HEADER_CLIENT_PROTO => 'X_FORWARDED_PROTO',
|
||||
self::HEADER_CLIENT_PORT => 'X_FORWARDED_PORT',
|
||||
);
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
*
|
||||
@ -548,11 +571,26 @@ class Request
|
||||
*
|
||||
* You should only list the reverse proxies that you manage directly.
|
||||
*
|
||||
* @param array $proxies A list of trusted proxies
|
||||
* @param array $proxies A list of trusted proxies
|
||||
* @param int $trustedHeaderSet A bit field of Request::HEADER_*, usually either Request::HEADER_FORWARDED or Request::HEADER_X_FORWARDED_ALL, to set which headers to trust from your proxies
|
||||
*
|
||||
* @throws \InvalidArgumentException When $trustedHeaderSet is invalid
|
||||
*/
|
||||
public static function setTrustedProxies(array $proxies)
|
||||
public static function setTrustedProxies(array $proxies/*, int $trustedHeaderSet*/)
|
||||
{
|
||||
self::$trustedProxies = $proxies;
|
||||
|
||||
if (2 > func_num_args()) {
|
||||
@trigger_error(sprintf('The %s() method expects a bit field of Request::HEADER_* as second argument. Not defining it is deprecated since version 3.3 and will be required in 4.0.', __METHOD__), E_USER_DEPRECATED);
|
||||
|
||||
return;
|
||||
}
|
||||
$trustedHeaderSet = func_get_arg(1);
|
||||
|
||||
foreach (self::$trustedHeaderNames as $header => $name) {
|
||||
self::$trustedHeaders[$header] = $header & $trustedHeaderSet ? $name : null;
|
||||
}
|
||||
self::$trustedHeaderSet = $trustedHeaderSet;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -565,6 +603,16 @@ class Request
|
||||
return self::$trustedProxies;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the set of trusted headers from trusted proxies.
|
||||
*
|
||||
* @return int A bit field of Request::HEADER_* that defines which headers are trusted from your proxies
|
||||
*/
|
||||
public static function getTrustedHeaderSet()
|
||||
{
|
||||
return self::$trustedHeaderSet;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets a list of trusted host patterns.
|
||||
*
|
||||
@ -608,14 +656,22 @@ class Request
|
||||
* @param string $value The header name
|
||||
*
|
||||
* @throws \InvalidArgumentException
|
||||
*
|
||||
* @deprecated since version 3.3, to be removed in 4.0. Use "X-Forwarded-*" headers or the "Forwarded" header defined in RFC7239, and the $trustedHeaderSet argument of the Request::setTrustedProxies() method instead.
|
||||
*/
|
||||
public static function setTrustedHeaderName($key, $value)
|
||||
{
|
||||
@trigger_error(sprintf('The "%s()" method is deprecated since version 3.3 and will be removed in 4.0. Use "X-Forwarded-*" headers or the "Forwarded" header defined in RFC7239, and the $trustedHeaderSet argument of the Request::setTrustedProxies() method instead.', __METHOD__), E_USER_DEPRECATED);
|
||||
|
||||
if (!array_key_exists($key, self::$trustedHeaders)) {
|
||||
throw new \InvalidArgumentException(sprintf('Unable to set the trusted header name for key "%s".', $key));
|
||||
}
|
||||
|
||||
self::$trustedHeaders[$key] = $value;
|
||||
|
||||
if (null !== $value) {
|
||||
self::$trustedHeaderNames[$key] = $value;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@ -626,9 +682,15 @@ class Request
|
||||
* @return string The header name
|
||||
*
|
||||
* @throws \InvalidArgumentException
|
||||
*
|
||||
* @deprecated since version 3.3, to be removed in 4.0. Use the Request::getTrustedHeaderSet() method instead.
|
||||
*/
|
||||
public static function getTrustedHeaderName($key)
|
||||
{
|
||||
if (2 > func_num_args() || func_get_arg(1)) {
|
||||
@trigger_error(sprintf('The "%s()" method is deprecated since version 3.3 and will be removed in 4.0. Use the Request::getTrustedHeaderSet() method instead.', __METHOD__), E_USER_DEPRECATED);
|
||||
}
|
||||
|
||||
if (!array_key_exists($key, self::$trustedHeaders)) {
|
||||
throw new \InvalidArgumentException(sprintf('Unable to get the trusted header name for key "%s".', $key));
|
||||
}
|
||||
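Review bot: `setTrustedHeaderName()` writes `self::$trustedHeaders[$key] = $value;` without consulting `self::$trustedHeaderSet`, so a call made after `setTrustedProxies($proxies, Request::HEADER_FORWARDED)` puts an `X-Forwarded-*` name back into `$trustedHeaders` while `getTrustedHeaderSet()` still reports only `HEADER_FORWARDED`. If the getters that resolve client IP, host, proto and port read `$trustedHeaders` (they are outside these hunks), a header the application meant to ignore becomes trusted again. Masking the write, e.g. `self::$trustedHeaders[$key] = $key & self::$trustedHeaderSet ? $value : null;`, keeps the two in step. Separately, the new docblock on `setTrustedProxies()` declares `@throws \InvalidArgumentException When $trustedHeaderSet is invalid`, yet the body shown passes `func_get_arg(1)` straight into the bit test with no check, so either validate that it is an int or drop the tag.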
|
@ -19,6 +19,12 @@ use Symfony\Component\HttpFoundation\Request;
|
||||
|
||||
class RequestTest extends TestCase
|
||||
{
|
||||
protected function tearDown()
|
||||
{
|
||||
// reset
|
||||
Request::setTrustedProxies(array(), -1);
|
||||
}
|
||||
|
||||
public function testInitialize()
|
||||
{
|
||||
$request = new Request();
|
||||
@ -727,7 +733,7 @@ class RequestTest extends TestCase
|
||||
|
||||
$this->assertEquals(80, $port, 'Without trusted proxies FORWARDED_PROTO and FORWARDED_PORT are ignored.');
|
||||
|
||||
Request::setTrustedProxies(array('1.1.1.1'));
|
||||
Request::setTrustedProxies(array('1.1.1.1'), Request::HEADER_X_FORWARDED_ALL);
|
||||
$request = Request::create('http://example.com', 'GET', array(), array(), array(), array(
|
||||
'HTTP_X_FORWARDED_PROTO' => 'https',
|
||||
'HTTP_X_FORWARDED_PORT' => '8443',
|
||||
@ -769,8 +775,6 @@ class RequestTest extends TestCase
|
||||
));
|
||||
$port = $request->getPort();
|
||||
$this->assertEquals(80, $port, 'With only PROTO set and value is not recognized, getPort() defaults to 80.');
|
||||
|
||||
Request::setTrustedProxies(array());
|
||||
}
|
||||
|
||||
/**
|
||||
@ -846,8 +850,6 @@ class RequestTest extends TestCase
|
||||
$request = $this->getRequestInstanceForClientIpTests($remoteAddr, $httpForwardedFor, $trustedProxies);
|
||||
|
||||
$this->assertEquals($expected[0], $request->getClientIp());
|
||||
|
||||
Request::setTrustedProxies(array());
|
||||
}
|
||||
|
||||
/**
|
||||
@ -858,8 +860,6 @@ class RequestTest extends TestCase
|
||||
$request = $this->getRequestInstanceForClientIpTests($remoteAddr, $httpForwardedFor, $trustedProxies);
|
||||
|
||||
$this->assertEquals($expected, $request->getClientIps());
|
||||
|
||||
Request::setTrustedProxies(array());
|
||||
}
|
||||
|
||||
/**
|
||||
@ -870,8 +870,6 @@ class RequestTest extends TestCase
|
||||
$request = $this->getRequestInstanceForClientIpsForwardedTests($remoteAddr, $httpForwarded, $trustedProxies);
|
||||
|
||||
$this->assertEquals($expected, $request->getClientIps());
|
||||
|
||||
Request::setTrustedProxies(array());
|
||||
}
|
||||
|
||||
public function testGetClientIpsForwardedProvider()
|
||||
@ -956,7 +954,7 @@ class RequestTest extends TestCase
|
||||
'HTTP_X_FORWARDED_FOR' => $httpXForwardedFor,
|
||||
);
|
||||
|
||||
Request::setTrustedProxies(array('88.88.88.88'));
|
||||
Request::setTrustedProxies(array('88.88.88.88'), Request::HEADER_X_FORWARDED_ALL | Request::HEADER_FORWARDED);
|
||||
|
||||
$request->initialize(array(), array(), array(), array(), array(), $server);
|
||||
|
||||
@ -988,13 +986,11 @@ class RequestTest extends TestCase
|
||||
'HTTP_X_FORWARDED_FOR' => $httpXForwardedFor,
|
||||
);
|
||||
|
||||
Request::setTrustedProxies(array('88.88.88.88'));
|
||||
Request::setTrustedProxies(array('88.88.88.88'), Request::HEADER_X_FORWARDED_ALL);
|
||||
|
||||
$request->initialize(array(), array(), array(), array(), array(), $server);
|
||||
|
||||
$request->getClientIps();
|
||||
|
||||
Request::setTrustedProxies(array());
|
||||
}
|
||||
|
||||
public function testGetClientIpsWithAgreeingHeadersProvider()
|
||||
@ -1177,11 +1173,10 @@ class RequestTest extends TestCase
|
||||
|
||||
$request->headers->set('X_FORWARDED_PROTO', 'https');
|
||||
|
||||
Request::setTrustedProxies(array('1.1.1.1'));
|
||||
Request::setTrustedProxies(array('1.1.1.1'), Request::HEADER_X_FORWARDED_ALL);
|
||||
$this->assertFalse($request->isSecure());
|
||||
$request->server->set('REMOTE_ADDR', '1.1.1.1');
|
||||
$this->assertTrue($request->isSecure());
|
||||
Request::setTrustedProxies(array());
|
||||
|
||||
$request->overrideGlobals();
|
||||
|
||||
@ -1644,7 +1639,7 @@ class RequestTest extends TestCase
|
||||
}
|
||||
|
||||
if ($trustedProxies) {
|
||||
Request::setTrustedProxies($trustedProxies);
|
||||
Request::setTrustedProxies($trustedProxies, Request::HEADER_X_FORWARDED_ALL);
|
||||
}
|
||||
|
||||
$request->initialize(array(), array(), array(), array(), array(), $server);
|
||||
@ -1663,7 +1658,7 @@ class RequestTest extends TestCase
|
||||
}
|
||||
|
||||
if ($trustedProxies) {
|
||||
Request::setTrustedProxies($trustedProxies);
|
||||
Request::setTrustedProxies($trustedProxies, Request::HEADER_FORWARDED);
|
||||
}
|
||||
|
||||
$request->initialize(array(), array(), array(), array(), array(), $server);
|
||||
@ -1679,10 +1674,6 @@ class RequestTest extends TestCase
|
||||
$request->headers->set('X_FORWARDED_HOST', 'foo.example.com, real.example.com:8080');
|
||||
$request->headers->set('X_FORWARDED_PROTO', 'https');
|
||||
$request->headers->set('X_FORWARDED_PORT', 443);
|
||||
$request->headers->set('X_MY_FOR', '3.3.3.3, 4.4.4.4');
|
||||
$request->headers->set('X_MY_HOST', 'my.example.com');
|
||||
$request->headers->set('X_MY_PROTO', 'http');
|
||||
$request->headers->set('X_MY_PORT', 81);
|
||||
|
||||
// no trusted proxies
|
||||
$this->assertEquals('3.3.3.3', $request->getClientIp());
|
||||
@ -1691,40 +1682,60 @@ class RequestTest extends TestCase
|
||||
$this->assertFalse($request->isSecure());
|
||||
|
||||
// disabling proxy trusting
|
||||
Request::setTrustedProxies(array());
|
||||
Request::setTrustedProxies(array(), Request::HEADER_X_FORWARDED_ALL);
|
||||
$this->assertEquals('3.3.3.3', $request->getClientIp());
|
||||
$this->assertEquals('example.com', $request->getHost());
|
||||
$this->assertEquals(80, $request->getPort());
|
||||
$this->assertFalse($request->isSecure());
|
||||
|
||||
// request is forwarded by a non-trusted proxy
|
||||
Request::setTrustedProxies(array('2.2.2.2'));
|
||||
Request::setTrustedProxies(array('2.2.2.2'), Request::HEADER_X_FORWARDED_ALL);
|
||||
$this->assertEquals('3.3.3.3', $request->getClientIp());
|
||||
$this->assertEquals('example.com', $request->getHost());
|
||||
$this->assertEquals(80, $request->getPort());
|
||||
$this->assertFalse($request->isSecure());
|
||||
|
||||
// trusted proxy via setTrustedProxies()
|
||||
Request::setTrustedProxies(array('3.3.3.3', '2.2.2.2'));
|
||||
Request::setTrustedProxies(array('3.3.3.3', '2.2.2.2'), Request::HEADER_X_FORWARDED_ALL);
|
||||
$this->assertEquals('1.1.1.1', $request->getClientIp());
|
||||
$this->assertEquals('real.example.com', $request->getHost());
|
||||
$this->assertEquals(443, $request->getPort());
|
||||
$this->assertTrue($request->isSecure());
|
||||
|
||||
// trusted proxy via setTrustedProxies()
|
||||
Request::setTrustedProxies(array('3.3.3.4', '2.2.2.2'));
|
||||
Request::setTrustedProxies(array('3.3.3.4', '2.2.2.2'), Request::HEADER_X_FORWARDED_ALL);
|
||||
$this->assertEquals('3.3.3.3', $request->getClientIp());
|
||||
$this->assertEquals('example.com', $request->getHost());
|
||||
$this->assertEquals(80, $request->getPort());
|
||||
$this->assertFalse($request->isSecure());
|
||||
|
||||
// check various X_FORWARDED_PROTO header values
|
||||
Request::setTrustedProxies(array('3.3.3.3', '2.2.2.2'));
|
||||
Request::setTrustedProxies(array('3.3.3.3', '2.2.2.2'), Request::HEADER_X_FORWARDED_ALL);
|
||||
$request->headers->set('X_FORWARDED_PROTO', 'ssl');
|
||||
$this->assertTrue($request->isSecure());
|
||||
|
||||
$request->headers->set('X_FORWARDED_PROTO', 'https, http');
|
||||
$this->assertTrue($request->isSecure());
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
* @expectedDeprecation The "Symfony\Component\HttpFoundation\Request::setTrustedHeaderName()" method is deprecated since version 3.3 and will be removed in 4.0. Use "X-Forwarded-*" headers or the "Forwarded" header defined in RFC7239, and the $trustedHeaderSet argument of the Request::setTrustedProxies() method instead.
|
||||
*/
|
||||
public function testLegacyTrustedProxies()
|
||||
{
|
||||
$request = Request::create('http://example.com/');
|
||||
$request->server->set('REMOTE_ADDR', '3.3.3.3');
|
||||
$request->headers->set('X_FORWARDED_FOR', '1.1.1.1, 2.2.2.2');
|
||||
$request->headers->set('X_FORWARDED_HOST', 'foo.example.com, real.example.com:8080');
|
||||
$request->headers->set('X_FORWARDED_PROTO', 'https');
|
||||
$request->headers->set('X_FORWARDED_PORT', 443);
|
||||
$request->headers->set('X_MY_FOR', '3.3.3.3, 4.4.4.4');
|
||||
$request->headers->set('X_MY_HOST', 'my.example.com');
|
||||
$request->headers->set('X_MY_PROTO', 'http');
|
||||
$request->headers->set('X_MY_PORT', 81);
|
||||
|
||||
Request::setTrustedProxies(array('3.3.3.3', '2.2.2.2'), Request::HEADER_X_FORWARDED_ALL);
|
||||
|
||||
// custom header names
|
||||
Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, 'X_MY_FOR');
|
||||
@ -1746,8 +1757,8 @@ class RequestTest extends TestCase
|
||||
$this->assertEquals(80, $request->getPort());
|
||||
$this->assertFalse($request->isSecure());
|
||||
|
||||
// reset
|
||||
Request::setTrustedProxies(array());
|
||||
//reset
|
||||
Request::setTrustedHeaderName(Request::HEADER_FORWARDED, 'FORWARDED');
|
||||
Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, 'X_FORWARDED_FOR');
|
||||
Request::setTrustedHeaderName(Request::HEADER_CLIENT_HOST, 'X_FORWARDED_HOST');
|
||||
Request::setTrustedHeaderName(Request::HEADER_CLIENT_PORT, 'X_FORWARDED_PORT');
|
||||
@ -1755,6 +1766,7 @@ class RequestTest extends TestCase
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
* @expectedException \InvalidArgumentException
|
||||
*/
|
||||
public function testSetTrustedProxiesInvalidHeaderName()
|
||||
@ -1764,6 +1776,7 @@ class RequestTest extends TestCase
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
* @expectedException \InvalidArgumentException
|
||||
*/
|
||||
public function testGetTrustedProxiesInvalidHeaderName()
|
||||
@ -2062,6 +2075,77 @@ class RequestTest extends TestCase
|
||||
array('CONNECT', false),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
* @expectedDeprecation The Symfony\Component\HttpFoundation\Request::setTrustedProxies() method expects a bit field of Request::HEADER_* as second argument. Not defining it is deprecated since version 3.3 and will be required in 4.0.
|
||||
* @expectedDeprecation The "Symfony\Component\HttpFoundation\Request::getTrustedHeaderName()" method is deprecated since version 3.3 and will be removed in 4.0. Use the Request::getTrustedHeaderSet() method instead.
|
||||
*/
|
||||
public function testSetTrustedProxiesNoSecondArg()
|
||||
{
|
||||
Request::setTrustedProxies(array('8.8.8.8'));
|
||||
|
||||
$this->assertSame('FORWARDED', Request::getTrustedHeaderName(Request::HEADER_FORWARDED));
|
||||
$this->assertSame('X_FORWARDED_FOR', Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP));
|
||||
$this->assertSame('X_FORWARDED_HOST', Request::getTrustedHeaderName(Request::HEADER_CLIENT_HOST));
|
||||
$this->assertSame('X_FORWARDED_PORT', Request::getTrustedHeaderName(Request::HEADER_CLIENT_PORT));
|
||||
$this->assertSame('X_FORWARDED_PROTO', Request::getTrustedHeaderName(Request::HEADER_CLIENT_PROTO));
|
||||
}
|
||||
|
||||
/**
|
||||
* @group legacy
|
||||
*/
|
||||
public function testGetTrustedHeaderName()
|
||||
{
|
||||
Request::setTrustedProxies(array('8.8.8.8'), Request::HEADER_X_FORWARDED_ALL);
|
||||
|
||||
$this->assertNull(Request::getTrustedHeaderName(Request::HEADER_FORWARDED));
|
||||
$this->assertSame('X_FORWARDED_FOR', Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP));
|
||||
$this->assertSame('X_FORWARDED_HOST', Request::getTrustedHeaderName(Request::HEADER_CLIENT_HOST));
|
||||
$this->assertSame('X_FORWARDED_PORT', Request::getTrustedHeaderName(Request::HEADER_CLIENT_PORT));
|
||||
$this->assertSame('X_FORWARDED_PROTO', Request::getTrustedHeaderName(Request::HEADER_CLIENT_PROTO));
|
||||
|
||||
Request::setTrustedProxies(array('8.8.8.8'), Request::HEADER_FORWARDED);
|
||||
|
||||
$this->assertSame('FORWARDED', Request::getTrustedHeaderName(Request::HEADER_FORWARDED));
|
||||
$this->assertNull(Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP));
|
||||
$this->assertNull(Request::getTrustedHeaderName(Request::HEADER_CLIENT_HOST));
|
||||
$this->assertNull(Request::getTrustedHeaderName(Request::HEADER_CLIENT_PORT));
|
||||
$this->assertNull(Request::getTrustedHeaderName(Request::HEADER_CLIENT_PROTO));
|
||||
|
||||
Request::setTrustedHeaderName(Request::HEADER_FORWARDED, 'A');
|
||||
Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, 'B');
|
||||
Request::setTrustedHeaderName(Request::HEADER_CLIENT_HOST, 'C');
|
||||
Request::setTrustedHeaderName(Request::HEADER_CLIENT_PORT, 'D');
|
||||
Request::setTrustedHeaderName(Request::HEADER_CLIENT_PROTO, 'E');
|
||||
|
||||
Request::setTrustedProxies(array('8.8.8.8'), Request::HEADER_FORWARDED);
|
||||
|
||||
$this->assertSame('A', Request::getTrustedHeaderName(Request::HEADER_FORWARDED));
|
||||
$this->assertNull(Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP));
|
||||
$this->assertNull(Request::getTrustedHeaderName(Request::HEADER_CLIENT_HOST));
|
||||
$this->assertNull(Request::getTrustedHeaderName(Request::HEADER_CLIENT_PORT));
|
||||
$this->assertNull(Request::getTrustedHeaderName(Request::HEADER_CLIENT_PROTO));
|
||||
|
||||
Request::setTrustedProxies(array('8.8.8.8'), Request::HEADER_X_FORWARDED_ALL);
|
||||
|
||||
$this->assertNull(Request::getTrustedHeaderName(Request::HEADER_FORWARDED));
|
||||
$this->assertSame('B', Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP));
|
||||
$this->assertSame('C', Request::getTrustedHeaderName(Request::HEADER_CLIENT_HOST));
|
||||
$this->assertSame('D', Request::getTrustedHeaderName(Request::HEADER_CLIENT_PORT));
|
||||
$this->assertSame('E', Request::getTrustedHeaderName(Request::HEADER_CLIENT_PROTO));
|
||||
|
||||
Request::setTrustedProxies(array('8.8.8.8'), Request::HEADER_FORWARDED);
|
||||
|
||||
$this->assertSame('A', Request::getTrustedHeaderName(Request::HEADER_FORWARDED));
|
||||
|
||||
//reset
|
||||
Request::setTrustedHeaderName(Request::HEADER_FORWARDED, 'FORWARDED');
|
||||
Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, 'X_FORWARDED_FOR');
|
||||
Request::setTrustedHeaderName(Request::HEADER_CLIENT_HOST, 'X_FORWARDED_HOST');
|
||||
Request::setTrustedHeaderName(Request::HEADER_CLIENT_PORT, 'X_FORWARDED_PORT');
|
||||
Request::setTrustedHeaderName(Request::HEADER_CLIENT_PROTO, 'X_FORWARDED_PROTO');
|
||||
}
|
||||
}
|
||||
|
||||
class RequestContentProxy extends Request
|
||||
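Review bot: `testGetTrustedHeaderName()` and `testLegacyTrustedProxies()` restore the default header names in a `//reset` block at the end of the test body, so a failing assertion earlier in either test leaves names such as `'A'` to `'E'` or `X_MY_FOR` in the static `$trustedHeaderNames` for every later test. The new `tearDown()` only calls `Request::setTrustedProxies(array(), -1)`, which re-derives `$trustedHeaders` from those names and does not reset them. Wrapping the assertions in `try { ... } finally { ... }` with the reset calls in the `finally` would keep the static state clean while leaving the deprecated calls inside the legacy tests. The inline `Request::setTrustedProxies(array(), -1);` resets in `InlineFragmentRendererTest` have the same exposure.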
|
@ -119,7 +119,7 @@ class InlineFragmentRenderer extends RoutableFragmentRenderer
|
||||
// Sub-request object will point to localhost as client ip and real client ip
|
||||
// will be included into trusted header for client ip
|
||||
try {
|
||||
if ($trustedHeaderName = Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP)) {
|
||||
if ($trustedHeaderName = Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP, false)) {
|
||||
$currentXForwardedFor = $request->headers->get($trustedHeaderName, '');
|
||||
|
||||
$server['HTTP_'.$trustedHeaderName] = ($currentXForwardedFor ? $currentXForwardedFor.', ' : '').$request->getClientIp();
|
||||
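Review bot: The second argument `false` in `Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP, false)` is an undeclared flag that exists only to silence the deprecation (the method checks `func_get_arg(1)`), and it deserves a short comment at this call site, for example `// false: internal call, do not trigger the deprecation`. More importantly, when the application trusts only `Request::HEADER_FORWARDED` this lookup returns null, so the real client IP is no longer copied into the sub-request and, per the comment above, the sub-request would presumably see localhost as its client IP. Any IP-based check inside a fragment should be confirmed against that case. The `try` block continues past the end of the hunk.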
|
@ -464,7 +464,7 @@ class HttpCache implements HttpKernelInterface, TerminableInterface
|
||||
// make sure HttpCache is a trusted proxy
|
||||
if (!in_array('127.0.0.1', $trustedProxies = Request::getTrustedProxies())) {
|
||||
$trustedProxies[] = '127.0.0.1';
|
||||
Request::setTrustedProxies($trustedProxies);
|
||||
Request::setTrustedProxies($trustedProxies, Request::HEADER_X_FORWARDED_ALL);
|
||||
}
|
||||
|
||||
// always a "master" request (as the real master request can be in cache)
|
||||
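Review bot: Hard-coding `Request::HEADER_X_FORWARDED_ALL` here replaces whatever header set the application configured whenever `127.0.0.1` has to be appended, so an app that called `setTrustedProxies($proxies, Request::HEADER_FORWARDED)` ends up trusting `X-Forwarded-*` from all of its proxies and no longer trusting `Forwarded`. If the front proxy does not strip client-supplied `X-Forwarded-*` headers, those values become trusted. Unless code outside this hunk depends on the X-Forwarded set, keeping the current choice with `Request::setTrustedProxies($trustedProxies, Request::getTrustedHeaderSet());` avoids the silent change. The enclosing method is only partly visible.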
|
@ -30,7 +30,7 @@ class ValidateRequestListenerTest extends TestCase
|
||||
$kernel = $this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock();
|
||||
|
||||
$request = new Request();
|
||||
$request->setTrustedProxies(array('1.1.1.1'));
|
||||
$request->setTrustedProxies(array('1.1.1.1'), Request::HEADER_X_FORWARDED_FOR | Request::HEADER_FORWARDED);
|
||||
$request->server->set('REMOTE_ADDR', '1.1.1.1');
|
||||
$request->headers->set('FORWARDED', '2.2.2.2');
|
||||
$request->headers->set('X_FORWARDED_FOR', '3.3.3.3');
|
||||
|
@ -25,18 +25,6 @@ use Symfony\Component\EventDispatcher\EventDispatcher;
|
||||
|
||||
class InlineFragmentRendererTest extends TestCase
|
||||
{
|
||||
private $originalTrustedHeaderName;
|
||||
|
||||
protected function setUp()
|
||||
{
|
||||
$this->originalTrustedHeaderName = Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP);
|
||||
}
|
||||
|
||||
protected function tearDown()
|
||||
{
|
||||
Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, $this->originalTrustedHeaderName);
|
||||
}
|
||||
|
||||
public function testRender()
|
||||
{
|
||||
$strategy = new InlineFragmentRenderer($this->getKernel($this->returnValue(new Response('foo'))));
|
||||
@ -109,10 +97,12 @@ class InlineFragmentRendererTest extends TestCase
|
||||
|
||||
public function testRenderWithTrustedHeaderDisabled()
|
||||
{
|
||||
Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, '');
|
||||
Request::setTrustedProxies(array(), 0);
|
||||
|
||||
$strategy = new InlineFragmentRenderer($this->getKernelExpectingRequest(Request::create('/')));
|
||||
$this->assertSame('foo', $strategy->render('/', Request::create('/'))->getContent());
|
||||
|
||||
Request::setTrustedProxies(array(), -1);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -198,7 +188,7 @@ class InlineFragmentRendererTest extends TestCase
|
||||
$expectedSubRequest = Request::create('/');
|
||||
$expectedSubRequest->headers->set('Surrogate-Capability', 'abc="ESI/1.0"');
|
||||
|
||||
if (Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP)) {
|
||||
if (Request::HEADER_X_FORWARDED_FOR & Request::getTrustedHeaderSet()) {
|
||||
$expectedSubRequest->headers->set('x-forwarded-for', array('127.0.0.1'));
|
||||
$expectedSubRequest->server->set('HTTP_X_FORWARDED_FOR', '127.0.0.1');
|
||||
}
|
||||
@ -212,18 +202,17 @@ class InlineFragmentRendererTest extends TestCase
|
||||
|
||||
public function testESIHeaderIsKeptInSubrequestWithTrustedHeaderDisabled()
|
||||
{
|
||||
$trustedHeaderName = Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP);
|
||||
Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, '');
|
||||
Request::setTrustedProxies(array(), 0);
|
||||
|
||||
$this->testESIHeaderIsKeptInSubrequest();
|
||||
|
||||
Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, $trustedHeaderName);
|
||||
Request::setTrustedProxies(array(), -1);
|
||||
}
|
||||
|
||||
public function testHeadersPossiblyResultingIn304AreNotAssignedToSubrequest()
|
||||
{
|
||||
$expectedSubRequest = Request::create('/');
|
||||
if (Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP)) {
|
||||
if (Request::HEADER_X_FORWARDED_FOR & Request::getTrustedHeaderSet()) {
|
||||
$expectedSubRequest->headers->set('x-forwarded-for', array('127.0.0.1'));
|
||||
$expectedSubRequest->server->set('HTTP_X_FORWARDED_FOR', '127.0.0.1');
|
||||
}
|
||||
|
@ -1184,7 +1184,7 @@ class HttpCacheTest extends HttpCacheTestCase
|
||||
*/
|
||||
public function testHttpCacheIsSetAsATrustedProxy(array $existing, array $expected)
|
||||
{
|
||||
Request::setTrustedProxies($existing);
|
||||
Request::setTrustedProxies($existing, Request::HEADER_X_FORWARDED_ALL);
|
||||
|
||||
$this->setNextResponse();
|
||||
$this->request('GET', '/', array('REMOTE_ADDR' => '10.0.0.1'));
|
||||
|
@ -337,7 +337,7 @@ class HttpKernelTest extends TestCase
|
||||
public function testInconsistentClientIpsOnMasterRequests()
|
||||
{
|
||||
$request = new Request();
|
||||
$request->setTrustedProxies(array('1.1.1.1'));
|
||||
$request->setTrustedProxies(array('1.1.1.1'), Request::HEADER_X_FORWARDED_FOR | Request::HEADER_FORWARDED);
|
||||
$request->server->set('REMOTE_ADDR', '1.1.1.1');
|
||||
$request->headers->set('FORWARDED', '2.2.2.2');
|
||||
$request->headers->set('X_FORWARDED_FOR', '3.3.3.3');
|
||||
|