symfony

Archived

forked from https://github.com/symfony/symfony

This repository has been archived on 2023-08-20. You can view files and clone it, but cannot push or open issues or pull requests.

Go to file

Nicolas Grekas 3fc2200134 bug #27309 Fix surrogate not using original request (Toflar) This PR was submitted for the 3.4 branch but it was squashed and merged into the 2.8 branch instead (closes #27309). Discussion ---------- Fix surrogate not using original request \| Q \| A \| ------------- \| --- \| Branch? \| 3.4 \| Bug fix? \| yes \| New feature? \| no \| BC breaks? \| no \| Deprecations? \| no \| Tests pass? \| yes \| Fixed tickets \| \| License \| MIT \| Doc PR \| Warning: This might need some close attention. It took me hours to wrap my head around that issue :-) So the problem is that `HttpCache::forward()` (or essentially any part in your application) can modify the `$request` that is passed to the `HttpCache::handle()` and the surrogate can never access the original request using `HttpCache::getRequest()` anymore. Example: * Main request (GET `/foobar`) * It's not in the cache, so `HttpCache::forward()` modifies `REMOTE_ADDR` to `127.0.0.1` and adds the `X-Forwarded-For` header. * The request is sent to the application and any e.g. `kernel.request` listener might modify the `$request` further. * Now the `/foobar` route returns `text/html` that contains some `<esi src="=/fragment_path"` tag. * `HttpCache` has an instance of `SurrogateInterface` so (in our case `Esi`) will be asked to `process()` and then later on `handle()` the `/fragment_path` request. For that, `Esi` (or in fact `AbstractSurrogate` uses the following line to create a subrequest and pass it on to the application again: ```php $subRequest = Request::create($uri, Request::METHOD_GET, array(), $cache->getRequest()->cookies->all(), array(), $cache->getRequest()->server->all()); ``` What you can see here, is that it uses `$cache->getRequest()`. And here follows the problem: We did not duplicate (clone) the original request so essentially `$cache->getRequest()` is a reference to the current request that `HttpKernel::forward()` modified and probably any other part of the application did so too. So for example the original `REMOTE_ADDR` (client IP) got lost. What we should do instead is duplicate the original request so the surrogates can actually behave like a real reverse proxy such as Varnish would by keeping all the original request attributes. Commits ------- `ab86f43d78` Fix surrogate not using original request		2018-06-19 15:13:23 +02:00
.composer	Drop hirak/prestissimo	2016-05-12 07:44:15 -05:00
.github	CODEOWNERS: some more rules	2018-05-30 07:26:26 +02:00
src/Symfony	Fix surrogate not using original request	2018-06-19 15:13:16 +02:00
.editorconfig	Add EditorConfig File	2012-06-16 14:08:15 +02:00
.gitignore	Add appveyor.yml for C.I. on Windows	2015-08-25 23:41:37 +02:00
.php_cs.dist	Merge branch '2.7' into 2.8	2018-01-03 18:12:09 +01:00
.travis.yml	[travis] cache in ~/php-ext/	2018-02-22 13:59:51 +01:00
appveyor.yml	Merge branch '2.7' into 2.8	2018-02-26 16:33:21 +01:00
CHANGELOG-2.2.md	Merge branch '2.2' into 2.3	2013-12-03 15:51:26 +01:00
CHANGELOG-2.3.md	updated CHANGELOG for 2.3.42	2016-05-30 10:40:50 +02:00
CHANGELOG-2.4.md	updated CHANGELOG for 2.4.9	2014-09-03 11:50:09 +02:00
CHANGELOG-2.5.md	updated CHANGELOG for 2.5.10	2015-02-02 10:26:02 +01:00
CHANGELOG-2.6.md	updated CHANGELOG for 2.6.10	2015-07-13 11:34:21 +02:00
CHANGELOG-2.7.md	updated CHANGELOG for 2.7.47	2018-05-21 13:47:41 +02:00
CHANGELOG-2.8.md	updated CHANGELOG for 2.8.41	2018-05-25 14:02:41 +02:00
composer.json	Merge branch '2.7' into 2.8	2018-05-01 15:52:40 -07:00
CONTRIBUTING.md	Mention the community review guide	2016-12-18 22:02:35 +01:00
CONTRIBUTORS.md	update CONTRIBUTORS for 2.7.47	2018-05-21 13:48:28 +02:00
LICENSE	fixed years in copyright	2018-01-03 08:23:28 +01:00
link	Update Repository Symlink Helper	2018-02-11 12:15:02 +01:00
phpunit	Default testsuite to latest PHPUnit 6.*	2018-05-25 15:04:04 +02:00
phpunit.xml.dist	Merge branch '2.7' into 2.8	2017-04-12 07:07:15 -07:00
README.md	Add code of Conduct links in our README	2018-05-25 16:34:01 +02:00
UPGRADE-2.1.md	Remove aligned '=>' and '='	2014-10-26 08:30:58 +01:00
UPGRADE-2.2.md	Clean up	2018-01-02 16:37:23 +01:00
UPGRADE-2.3.md	[Doc] Use Markdown syntax highlighting	2014-10-01 07:38:33 +02:00
UPGRADE-2.4.md	Updated UPGRADE-2.4.md	2015-06-08 16:44:57 +02:00
UPGRADE-2.5.md	Clean up	2018-01-02 16:37:23 +01:00
UPGRADE-2.6.md	Fix grammar	2014-12-30 09:24:50 +01:00
UPGRADE-2.7.md	Clean up	2018-01-02 16:37:23 +01:00
UPGRADE-2.8.md	fixed CS	2017-08-10 08:50:59 +02:00
UPGRADE-3.0.md	Sync UPGRADE-3.0.md with 3.4	2018-02-22 13:34:56 +01:00

README.md

Symfony is a PHP framework for web applications and a set of reusable PHP components. Symfony is used by thousands of web applications (including BlaBlaCar.com and Spotify.com) and most of the popular PHP projects (including Drupal and Magento).

Installation

Install Symfony with Composer or with our own installer (see requirements details).
Symfony follows the semantic versioning strictly, publishes "Long Term Support" (LTS) versions and has a release process that is predictable and business-friendly.

Documentation

Read the Getting Started guide if you are new to Symfony.
Try the Symfony Demo application to learn Symfony in practice.
Master Symfony with the Guides and Tutorials, the Components docs and the Best Practices reference.

Community

Join the Symfony Community and meet other members at the Symfony events.
Get Symfony support on Stack Overflow, Slack, IRC, etc.
Follow us on GitHub, Twitter and Facebook.
Read our Code of Conduct and meet the CARE Team

Contributing

Symfony is an Open Source, community-driven project with thousands of contributors. Join them contributing code or contributing documentation.

Security Issues

If you discover a security vulnerability within Symfony, please follow our disclosure procedure.

About Us

Symfony development is sponsored by SensioLabs, led by the Symfony Core Team and supported by Symfony contributors.