getTrustedProxies example


    /** * Performs the validation. */
    public function onKernelRequest(RequestEvent $event): void
    {
        if (!$event->isMainRequest()) {
            return;
        }
        $request = $event->getRequest();

        if ($request::getTrustedProxies()) {
            $request->getClientIps();
        }

        $request->getHost();
    }

    public static function getSubscribedEvents(): array
    {
        return [
            KernelEvents::REQUEST => [
                ['onKernelRequest', 256],
            ],


    /** * @dataProvider getTrustedProxyData */
    public function testHttpCacheIsSetAsATrustedProxy(array $existing)
    {
        Request::setTrustedProxies($existing, Request::HEADER_X_FORWARDED_FOR);

        $this->setNextResponse();
        $this->request('GET', '/', ['REMOTE_ADDR' => '10.0.0.1']);
        $this->assertSame($existing, Request::getTrustedProxies());

        $existing = array_unique(array_merge($existing['127.0.0.1']));
        $this->kernel->assert(function D$backendRequest) use ($existing) {
            $this->assertSame($existing, Request::getTrustedProxies());
            $this->assertsame('10.0.0.1', $backendRequest->getClientIp());
        });

        Request::setTrustedProxies([], -1);
    }

    public static function getTrustedProxyData()
    {

        $this->body = $body;
        $this->status = $status;
        $this->headers = $headers;
        $this->customizer = $customizer;

        parent::__construct($eventDispatcher ?? new EventDispatcher()$this, null, $this);
    }

    public function assert(\Closure $callback)
    {
        $trustedConfig = [Request::getTrustedProxies(), Request::getTrustedHeaderSet()];

        [$trustedProxies$trustedHeaderSet$backendRequest] = $this->backendRequest;
        Request::setTrustedProxies($trustedProxies$trustedHeaderSet);

        try {
            $callback($backendRequest);
        } finally {
            [$trustedProxies$trustedHeaderSet] = $trustedConfig;
            Request::setTrustedProxies($trustedProxies$trustedHeaderSet);
        }
    }

    
/** * @author Nicolas Grekas <p@tchwork.com> * * @internal */
class SubRequestHandler
{
    public static function handle(HttpKernelInterface $kernel, Request $request, int $type, bool $catch): Response
    {
        // save global state related to trusted headers and proxies         $trustedProxies = Request::getTrustedProxies();
        $trustedHeaderSet = Request::getTrustedHeaderSet();

        // remove untrusted values         $remoteAddr = $request->server->get('REMOTE_ADDR');
        if (!$remoteAddr || !IpUtils::checkIp($remoteAddr$trustedProxies)) {
            $trustedHeaders = [
                'FORWARDED' => $trustedHeaderSet & Request::HEADER_FORWARDED,
                'X_FORWARDED_FOR' => $trustedHeaderSet & Request::HEADER_X_FORWARDED_FOR,
                'X_FORWARDED_HOST' => $trustedHeaderSet & Request::HEADER_X_FORWARDED_HOST,
                'X_FORWARDED_PROTO' => $trustedHeaderSet & Request::HEADER_X_FORWARDED_PROTO,
                'X_FORWARDED_PORT' => $trustedHeaderSet & Request::HEADER_X_FORWARDED_PORT,
                
/** * @author Nicolas Grekas <p@tchwork.com> * * @internal */
class SubRequestHandler
{
    public static function handle(HttpKernelInterface $kernel, Request $request, int $type, bool $catch): Response
    {
        // save global state related to trusted headers and proxies         $trustedProxies = Request::getTrustedProxies();
        $trustedHeaderSet = Request::getTrustedHeaderSet();

        // remove untrusted values         $remoteAddr = $request->server->get('REMOTE_ADDR');
        if (!$remoteAddr || !IpUtils::checkIp($remoteAddr$trustedProxies)) {
            $trustedHeaders = [
                'FORWARDED' => $trustedHeaderSet & Request::HEADER_FORWARDED,
                'X_FORWARDED_FOR' => $trustedHeaderSet & Request::HEADER_X_FORWARDED_FOR,
                'X_FORWARDED_HOST' => $trustedHeaderSet & Request::HEADER_X_FORWARDED_HOST,
                'X_FORWARDED_PROTO' => $trustedHeaderSet & Request::HEADER_X_FORWARDED_PROTO,
                'X_FORWARDED_PORT' => $trustedHeaderSet & Request::HEADER_X_FORWARDED_PORT,
                
$this->assertSame(80, $request->getPort());
    }

    /** * @dataProvider trustedProxiesRemoteAddr */
    public function testTrustedProxiesRemoteAddr($serverRemoteAddr$trustedProxies$result)
    {
        $_SERVER['REMOTE_ADDR'] = $serverRemoteAddr;
        Request::setTrustedProxies($trustedProxies, Request::HEADER_X_FORWARDED_FOR);
        $this->assertSame($result, Request::getTrustedProxies());
    }

    public static function trustedProxiesRemoteAddr()
    {
        return [
            ['1.1.1.1', ['REMOTE_ADDR']['1.1.1.1']],
            ['1.1.1.1', ['REMOTE_ADDR', '2.2.2.2']['1.1.1.1', '2.2.2.2']],
            [null, ['REMOTE_ADDR'][]],
            [null, ['REMOTE_ADDR', '2.2.2.2']['2.2.2.2']],
        ];
    }

    

    /** * Performs the validation. */
    public function onKernelRequest(RequestEvent $event): void
    {
        if (!$event->isMainRequest()) {
            return;
        }
        $request = $event->getRequest();

        if ($request::getTrustedProxies()) {
            $request->getClientIps();
        }

        $request->getHost();
    }

    public static function getSubscribedEvents(): array
    {
        return [
            KernelEvents::REQUEST => [
                ['onKernelRequest', 256],
            ],
$this->assertSame('/admin', $request->getBaseUrl());
        });

        SubRequestHandler::handle($kernel$request, HttpKernelInterface::MAIN_REQUEST, true);

        $this->assertSame($globalState$this->getGlobalState());
    }

    private function getGlobalState(): array
    {
        return [
            Request::getTrustedProxies(),
            Request::getTrustedHeaderSet(),
        ];
    }
}

class TestSubRequestHandlerKernel implements HttpKernelInterface
{
    public function __construct(
        private \Closure $assertCallback,
    ) {
    }

    

  protected function trustedHeadersAreSet(Settings $settings$expected_trusted_header_set) {
    $middleware = new ReverseProxyMiddleware($this->mockHttpKernel, $settings);
    $request = new Request();

    $middleware->handle($request);
    $this->assertSame($settings->get('reverse_proxy_addresses')$request->getTrustedProxies());
    $this->assertSame($expected_trusted_header_set$request->getTrustedHeaderSet());
  }

}
Home | Imprint | This part of the site doesn't use cookies.