Commit f960619

[FrameworkBundle] allow configuring trusted proxies using semantic configuration
1 parent ffc1b35 commit f960619

7 files changed

+24
-5
lines changed

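--- a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
@@ -5,6 +5,7 @@ CHANGELOG
 -----
 
 * Added `framework.http_cache` configuration tree
+* Added `framework.trusted_proxies` and `framework.trusted_headers` configuration options
 
 5.1.0
 -----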

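--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
@@ -24,6 +24,7 @@
 use Symfony\Component\Form\Form;
 use Symfony\Component\HttpClient\HttpClient;
 use Symfony\Component\HttpFoundation\Cookie;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Lock\Lock;
 use Symfony\Component\Lock\Store\SemaphoreStore;
 use Symfony\Component\Mailer\Mailer;
@@ -85,6 +86,8 @@ public function getConfigTreeBuilder()
 ->beforeNormalization()->ifString()->then(function ($v) { return [$v]; })->end()
 ->prototype('scalar')->end()
 ->end()
+->scalarNode('trusted_proxies')->end()
+->integerNode('trusted_headers')->defaultValue(Request::HEADER_X_FORWARDED_ALL ^ Request::HEADER_X_FORWARDED_HOST)->end()
 ->scalarNode('error_controller')
 ->defaultValue('error_controller')
 ->end()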
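Review bot: The two new nodes in getConfigTreeBuilder() have no `->info()` text and `trusted_proxies` has no validation, although together they decide which peers may override the client IP, scheme and port through forwarded headers. Because `trusted_proxies` is a plain `scalarNode`, an integer or boolean passes configuration validation and would only surface later, when the kernel splits the value at boot. I would add a description such as `->info('Comma-separated list of IP addresses or subnets of reverse proxies whose forwarded headers are trusted')` and a matching one on `trusted_headers` that names the `Request::HEADER_*` constants. The default mask clears the host bit with XOR, which is correct only while `HEADER_X_FORWARDED_HOST` is contained in `HEADER_X_FORWARDED_ALL`; `Request::HEADER_X_FORWARDED_ALL & ~Request::HEADER_X_FORWARDED_HOST` states the intent directly. The builder chain continues outside this hunk.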

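--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
@@ -241,6 +241,11 @@ public function load(array $configs, ContainerBuilder $container)
 $container->setParameter('kernel.default_locale', $config['default_locale']);
 $container->setParameter('kernel.error_controller', $config['error_controller']);
 
+if (isset($config['trusted_proxies'], $config['trusted_headers'])) {
+$container->setParameter('kernel.trusted_proxies', $config['trusted_proxies']);
+$container->setParameter('kernel.trusted_headers', $config['trusted_headers']);
+}
+
 if (!$container->hasParameter('debug.file_link_format')) {
 $links = [
 'textmate' => 'txmt://open?url=file://%%f&line=%%l',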
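Review bot: The guard `isset($config['trusted_proxies'], $config['trusted_headers'])` in load() reads as if both options were optional, but `trusted_headers` has a default in Configuration.php, so the branch is in effect gated by `trusted_proxies` alone. A short comment above the `if` would make that explicit, for example `// trusted_headers always has a default; both parameters are defined only when trusted_proxies is configured`. That matters to a reader because, per the Kernel.php section of this commit, the kernel applies the proxy settings only when both parameters exist. load() starts and ends outside this hunk.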

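--- a/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php
+++ b/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php
@@ -95,10 +95,6 @@ public function boot()
 if ($this->container->getParameter('kernel.http_method_override')) {
 Request::enableHttpMethodParameterOverride();
 }
-
-if ($trustedHosts = $this->container->getParameter('kernel.trusted_hosts')) {
-Request::setTrustedHosts($trustedHosts);
-}
 }
 
 public function build(ContainerBuilder $container)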

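--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
@@ -18,6 +18,7 @@
 use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
 use Symfony\Component\Config\Definition\Processor;
 use Symfony\Component\HttpClient\HttpClient;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Lock\Store\SemaphoreStore;
 use Symfony\Component\Mailer\Mailer;
 use Symfony\Component\Messenger\MessageBusInterface;
@@ -341,6 +342,7 @@ protected static function getBundleDefaultConfig()
 'http_method_override' => true,
 'ide' => null,
 'default_locale' => 'en',
+'trusted_headers' => Request::HEADER_X_FORWARDED_ALL ^ Request::HEADER_X_FORWARDED_HOST,
 'csrf_protection' => [
 'enabled' => false,
 ],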

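--- a/src/Symfony/Component/HttpKernel/CHANGELOG.md
+++ b/src/Symfony/Component/HttpKernel/CHANGELOG.md
@@ -5,6 +5,8 @@ CHANGELOG
 -----
 
 * made the public `http_cache` service handle requests when available
+* allowed enabling trusted hosts and proxies using new `kernel.trusted_hosts`,
+`kernel.trusted_proxies` and `kernel.trusted_headers` parameters
 
 5.1.0
 -----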

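--- a/src/Symfony/Component/HttpKernel/Kernel.php
+++ b/src/Symfony/Component/HttpKernel/Kernel.php
@@ -764,7 +764,17 @@ private function preBoot(): ContainerInterface
 $this->initializeBundles();
 $this->initializeContainer();
 
-return $this->container;
+$container = $this->container;
+
+if ($container->hasParameter('kernel.trusted_hosts') && $trustedHosts = $container->getParameter('kernel.trusted_hosts')) {
+Request::setTrustedHosts($trustedHosts);
+}
+
+if ($container->hasParameter('kernel.trusted_proxies') && $container->hasParameter('kernel.trusted_headers') && $trustedProxies = $container->getParameter('kernel.trusted_proxies')) {
+Request::setTrustedProxies(explode(',', $trustedProxies), $container->getParameter('kernel.trusted_headers'));
+}
+
+return $container;
 }
 
 /**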
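Review bot: In the `kernel.trusted_proxies` branch of preBoot(), `explode(',', $trustedProxies)` keeps surrounding whitespace, so a list written with a space after each comma yields entries with a leading space that will presumably never match the proxy's address. The failure is silent: forwarded headers from that proxy would be ignored and the application would record the proxy's address as the client, which skews IP-based logging, rate limiting and access rules. Trimming each entry avoids it: `Request::setTrustedProxies(array_map('trim', explode(',', $trustedProxies)), $container->getParameter('kernel.trusted_headers'));`. The branch also assumes a string; since `kernel.trusted_proxies` can be defined directly as a container parameter, an array value would fail inside `explode()`, and an `\is_array($trustedProxies)` check before splitting would cover that. preBoot() starts before this hunk.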
