File tree Expand file tree Collapse file tree 1 file changed +9
-3
lines changed Expand file tree Collapse file tree 1 file changed +9
-3
lines changed Original file line number Diff line number Diff line change @@ -40,16 +40,22 @@ and what headers your reverse proxy uses to send information::
4040 // or, if your proxy instead uses the "Forwarded" header
4141 // Request::HEADER_FORWARDED
4242
43- // or, if you're using a wellknown proxy
43+ // or, if you're using a well-known proxy
4444 // Request::HEADER_X_FORWARDED_AWS_ELB
4545 // Request::HEADER_X_FORWARDED_TRAEFIK
4646 );
4747
48+ .. deprecated :: 5.2
49+
50+ In previous Symfony versions, the above example used ``HEADER_X_FORWARDED_ALL ``
51+ to trust all "X-Forwarded-*" headers, but that constant is deprecated since
52+ Symfony 5.2 in favor of the individual ``HEADER_X_FORWARDED_*`` constants.
53+
4854.. caution ::
4955
5056 Enabling the ``Request::HEADER_X_FORWARDED_HOST `` option exposes the
51- application to " `HTTP Host header attacks `_" . Make sure the proxy really
52- send a ``x-forwarded-host `` header.
57+ application to `HTTP Host header attacks `_. Make sure the proxy really
58+ sends an ``x-forwarded-host `` header.
5359
5460The Request object has several ``Request::HEADER_* `` constants that control exactly
5561*which * headers from your reverse proxy are trusted. The argument is a bit field,
You can’t perform that action at this time.
0 commit comments