[HttpKernel] Make sure HttpCache is a trusted proxy #11937
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
👍 |
|
This is not really a bug fix though. |
| @@ -462,6 +462,12 @@ protected function forward(Request $request, $catch = false, Response $entry = n | |||
| // is always called from the same process as the backend. | |||
| $request->server->set('REMOTE_ADDR', '127.0.0.1'); | |||
|
|
|||
| // make sure HttpCache is a trusted proxy | |||
| if (!in_array('127.0.0.1', $trustedProxies = Request::getTrustedProxies())) { | |||
There was a problem hiding this comment.
What about adding 127.0.0.1 directly in the list of trusted proxies in the Request class?
There was a problem hiding this comment.
@fabpot it should be trusted only when the HttpCache is used, not always. Otherwise it will trust the forwarded headers all the time
There was a problem hiding this comment.
@stof this seems to be necessary also when using a subrequest (at least in my experience).
|
👍 |
|
Thank you @thewilkybarkid. |
fabpot
added a commit
that referenced
this pull request
Sep 22, 2014
…lkybarkid) This PR was merged into the 2.3 branch. Discussion ---------- [HttpKernel] Make sure HttpCache is a trusted proxy | Q | A | ------------- | --- | Bug fix? | yes (of sorts) | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #9292 | License | MIT | Doc PR | symfony/symfony-docs#4239 Fixes #9292 by adding `127.0.0.1` as a trusted proxy when using `HttpCache` (assuming it hasn't been already). Commits ------- ca65362 Make sure HttpCache is a trusted proxy
weaverryan
added a commit
to symfony/symfony-docs
that referenced
this pull request
Sep 22, 2014
…ilkybarkid) This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes #4239). Discussion ---------- Remove redundant references to trusting HttpCache | Q | A | ------------- | --- | Doc fix? | yes | New docs? | no | Applies to | 2.3+ | Fixed tickets | Removes references to making `HttpCache` a trusted proxy as symfony/symfony#11937 would cause it to be handled automatically. Alternatively it could be reworded, but I'm not sure it's useful to say that this happens (since it was a bit odd to have to configure Symfony to let one part of the code base trust another). Commits ------- 8f157dc Remove redundant references to trusting HttpCache
|
Thanks @thewilkybarkid. Unfortunately I didn't take the time to do it myself. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #9292 by adding
127.0.0.1as a trusted proxy when usingHttpCache(assuming it hasn't been already).