Skip to content

[HttpFoundation] Add $trustedHeaderSet arg to Request::setTrustedProxies() - deprecate not setting it #21830

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Mar 22, 2017
Merged

[HttpFoundation] Add $trustedHeaderSet arg to Request::setTrustedProxies() - deprecate not setting it #21830

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 16 additions & 3 deletions UPGRADE-3.3.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -126,6 +126,9 @@ FrameworkBundle
* The `cache:clear` command should always be called with the `--no-warmup` option.
Warmup should be done via the `cache:warmup` command.

* The "framework.trusted_proxies" configuration option and the corresponding "kernel.trusted_proxies" parameter have been deprecated and will be removed in 4.0. Use the Request::setTrustedProxies() method in your front controller instead.


* The `Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\AddConsoleCommandPass` has been deprecated. Use `Symfony\Component\Console\DependencyInjection\AddConsoleCommandPass` instead.

* The `Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\SerializerPass` class has been
Expand Down Expand Up @@ -175,14 +178,24 @@ FrameworkBundle
class has been deprecated and will be removed in 4.0. Use the
`Symfony\Component\Routing\DependencyInjection\RoutingResolverPass` class instead.

* The `server:run`, `server:start`, `server:stop` and
`server:status` console commands have been moved to a dedicated bundle.
Require `symfony/web-server-bundle` in your composer.json and register
* The `server:run`, `server:start`, `server:stop` and
`server:status` console commands have been moved to a dedicated bundle.
Require `symfony/web-server-bundle` in your composer.json and register
`Symfony\Bundle\WebServerBundle\WebServerBundle` in your AppKernel to use them.

* The `Symfony\Bundle\FrameworkBundle\Translation\Translator` constructor now takes the
default locale as 3rd argument. Not passing it will trigger an error in 4.0.

HttpFoundation
--------------

* The `Request::setTrustedProxies()` method takes a new `$trustedHeaderSet` argument - not setting it is deprecated.
Set it to `Request::HEADER_FORWARDED` if your reverse-proxy uses the RFC7239 `Forwarded` header,
or to `Request::HEADER_X_FORWARDED_ALL` if it is using `X-Forwarded-*` headers instead.

* The `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()` methods are deprecated,
use the RFC7239 `Forwarded` header, or the `X-Forwarded-*` headers instead.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure, but IIRC, it was introduced because some proxies/setups use non-standard headers.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking at Express, the values are hardcoded:
http://expressjs.com/en/guide/behind-proxies.html
https://github.com/expressjs/express/blob/master/lib/request.js
I guess we're safe not supporting any fancy names.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The default names are non-standard, but widely used by popular reverse proxies (like Apache mod_proxy or Amazon EC2).. So, I think we should check if this is still the case or not.

Copy link
Member Author

@nicolas-grekas nicolas-grekas Mar 19, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As far as I looked correctly, I'd rephrase this to "The default names are non-standardized" - because they are the defacto standard in fact. Can anyone find any other name in use in place of X-Forwarded-*, with the same semantic?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apparently, Apache mod_proxy and Amazon EC2 use different names.


HttpKernel
-----------

Expand Down
11 changes: 11 additions & 0 deletions UPGRADE-4.0.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -190,6 +190,8 @@ FrameworkBundle
* The `cache:clear` command does not warmup the cache anymore. Warmup should
be done via the `cache:warmup` command.

* The "framework.trusted_proxies" configuration option and the corresponding "kernel.trusted_proxies" parameter have been removed. Use the `Request::setTrustedProxies()` method in your front controller instead.

* Support for absolute template paths has been removed.

* The following form types registered as services have been removed; use their
Expand Down Expand Up @@ -280,6 +282,15 @@ FrameworkBundle
HttpFoundation
---------------

HttpFoundation
--------------

* The `Request::setTrustedProxies()` method takes a new `$trustedHeaderSet` argument.
Set it to `Request::HEADER_FORWARDED` if your reverse-proxy uses the RFC7239 `Forwarded` header,
or to `Request::HEADER_X_FORWARDED_ALL` if it is using `X-Forwarded-*` headers instead.

* The `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()` methods have been removed.

* Extending the following methods of `Response`
is no longer possible (these methods are now `final`):

Expand Down
2 changes: 1 addition & 1 deletion src/Symfony/Bridge/Monolog/Tests/Processor/WebProcessorTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ public function testUsesRequestServerData()

public function testUseRequestClientIp()
{
Request::setTrustedProxies(array('192.168.0.1'));
Request::setTrustedProxies(array('192.168.0.1'), Request::HEADER_X_FORWARDED_ALL);
list($event, $server) = $this->createRequestEvent(array('X_FORWARDED_FOR' => '192.168.0.2'));

$processor = new WebProcessor();
Expand Down
3 changes: 3 additions & 0 deletions src/Symfony/Bridge/Monolog/composer.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,9 @@
"symfony/event-dispatcher": "~2.8|~3.0",
"symfony/var-dumper": "~3.3"
},
"conflict": {
"symfony/http-foundation": "<3.3"
},
"suggest": {
"symfony/http-kernel": "For using the debugging handlers together with the response life cycle of the HTTP kernel.",
"symfony/console": "For the possibility to show log messages in console commands depending on verbosity settings. You need version ~2.3 of the console for it.",
Expand Down
1 change: 1 addition & 0 deletions src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ CHANGELOG
-----

* Deprecated `cache:clear` with warmup (always call it with `--no-warmup`)
* Deprecated the "framework.trusted_proxies" configuration option and the corresponding "kernel.trusted_proxies" parameter
* Changed default configuration for
assets/forms/validation/translation/serialization/csrf from `canBeEnabled()` to
`canBeDisabled()` when Flex is used
Expand Down
9 changes: 9 additions & 0 deletions src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
use Symfony\Component\Config\Definition\Builder\TreeBuilder;
use Symfony\Component\Config\Definition\ConfigurationInterface;
use Symfony\Component\Form\Form;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Serializer\Serializer;
use Symfony\Component\Translation\Translator;
use Symfony\Component\Validator\Validation;
Expand Down Expand Up @@ -58,6 +59,14 @@ public function getConfigTreeBuilder()
return $v;
})
->end()
->beforeNormalization()
->ifTrue(function ($v) { return isset($v['trusted_proxies']); })
->then(function ($v) {
@trigger_error('The "framework.trusted_proxies" configuration key is deprecated since version 3.3 and will be removed in 4.0. Use the Request::setTrustedProxies() method in your front controller instead.', E_USER_DEPRECATED);

return $v;
})
->end()
->children()
->scalarNode('secret')->end()
->scalarNode('http_method_override')
Expand Down
4 changes: 3 additions & 1 deletion src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,9 @@ public function boot()
ErrorHandler::register(null, false)->throwAt($this->container->getParameter('debug.error_handler.throw_at'), true);

if ($trustedProxies = $this->container->getParameter('kernel.trusted_proxies')) {
Request::setTrustedProxies($trustedProxies);
@trigger_error('The "kernel.trusted_proxies" parameter is deprecated since version 3.3 and will be removed in 4.0. Use the Request::setTrustedProxies() method in your front controller instead.', E_USER_DEPRECATED);

Request::setTrustedProxies($trustedProxies, Request::getTrustedHeaderSet());
}

if ($this->container->getParameter('kernel.http_method_override')) {
Expand Down
3 changes: 3 additions & 0 deletions src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ public function testDoNoDuplicateDefaultFormResources()
}

/**
* @group legacy
* @dataProvider getTestValidTrustedProxiesData
*/
public function testValidTrustedProxies($trustedProxies, $processedProxies)
Expand Down Expand Up @@ -73,6 +74,7 @@ public function getTestValidTrustedProxiesData()
}

/**
* @group legacy
* @expectedException \Symfony\Component\Config\Definition\Exception\InvalidConfigurationException
*/
public function testInvalidTypeTrustedProxies()
Expand All @@ -88,6 +90,7 @@ public function testInvalidTypeTrustedProxies()
}

/**
* @group legacy
* @expectedException \Symfony\Component\Config\Definition\Exception\InvalidConfigurationException
*/
public function testInvalidValueTrustedProxies()
Expand Down
1 change: 0 additions & 1 deletion src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@
),
),
'http_method_override' => false,
'trusted_proxies' => array('127.0.0.1', '10.0.0.1'),
'esi' => array(
'enabled' => true,
),
Expand Down
2 changes: 1 addition & 1 deletion src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">

<framework:config secret="s3cr3t" ide="file%%link%%format" default-locale="fr" trusted-proxies="127.0.0.1, 10.0.0.1" http-method-override="false">
<framework:config secret="s3cr3t" ide="file%%link%%format" default-locale="fr" http-method-override="false">
<framework:csrf-protection />
<framework:form>
<framework:csrf-protection field-name="_csrf"/>
Expand Down
1 change: 0 additions & 1 deletion src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@ framework:
csrf_protection:
field_name: _csrf
http_method_override: false
trusted_proxies: ['127.0.0.1', '10.0.0.1']
esi:
enabled: true
profiler:
Expand Down
7 changes: 0 additions & 7 deletions src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,13 +119,6 @@ public function testCsrfProtectionForFormsEnablesCsrfProtectionAutomatically()
$this->assertTrue($container->hasDefinition('security.csrf.token_manager'));
}

public function testProxies()
{
$container = $this->createContainerFromFile('full');

$this->assertEquals(array('127.0.0.1', '10.0.0.1'), $container->getParameter('kernel.trusted_proxies'));
}

public function testHttpMethodOverride()
{
$container = $this->createContainerFromFile('full');
Expand Down
2 changes: 2 additions & 0 deletions src/Symfony/Component/HttpFoundation/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ CHANGELOG
3.3.0
-----

* added `$trustedHeaderSet` argument to `Request::setTrustedProxies()` - deprecate not setting it,
* deprecated the `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()` methods,
* added `File\Stream`, to be passed to `BinaryFileResponse` when the size of the served file is unknown,
disabling `Range` and `Content-Length` handling, switching to chunked encoding instead
* added the `Cookie::fromString()` method that allows to create a cookie from a
Expand Down
76 changes: 69 additions & 7 deletions src/Symfony/Component/HttpFoundation/Request.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,11 +30,21 @@
*/
class Request
{
const HEADER_FORWARDED = 'forwarded';
const HEADER_CLIENT_IP = 'client_ip';
const HEADER_CLIENT_HOST = 'client_host';
const HEADER_CLIENT_PROTO = 'client_proto';
const HEADER_CLIENT_PORT = 'client_port';
const HEADER_FORWARDED = 0b00001;
const HEADER_X_FORWARDED_ALL = 0b11110;
const HEADER_X_FORWARDED_FOR = 2;
const HEADER_X_FORWARDED_HOST = 4;
const HEADER_X_FORWARDED_PROTO = 8;
const HEADER_X_FORWARDED_PORT = 16;

/** @deprecated since version 3.3, to be removed in 4.0 */
const HEADER_CLIENT_IP = self::HEADER_X_FORWARDED_FOR;
/** @deprecated since version 3.3, to be removed in 4.0 */
const HEADER_CLIENT_HOST = self::HEADER_X_FORWARDED_HOST;
/** @deprecated since version 3.3, to be removed in 4.0 */
const HEADER_CLIENT_PROTO = self::HEADER_X_FORWARDED_PROTO;
/** @deprecated since version 3.3, to be removed in 4.0 */
const HEADER_CLIENT_PORT = self::HEADER_X_FORWARDED_PORT;

const METHOD_HEAD = 'HEAD';
const METHOD_GET = 'GET';
Expand Down Expand Up @@ -70,6 +80,8 @@ class Request
*
* The other headers are non-standard, but widely used
* by popular reverse proxies (like Apache mod_proxy or Amazon EC2).
*
* @deprecated since version 3.3, to be removed in 4.0
*/
protected static $trustedHeaders = array(
self::HEADER_FORWARDED => 'FORWARDED',
Expand Down Expand Up @@ -210,6 +222,17 @@ class Request
private $isHostValid = true;
private $isClientIpsValid = true;

private static $trustedHeaderSet = -1;

/** @deprecated since version 3.3, to be removed in 4.0 */
private static $trustedHeaderNames = array(
self::HEADER_FORWARDED => 'FORWARDED',
self::HEADER_CLIENT_IP => 'X_FORWARDED_FOR',
self::HEADER_CLIENT_HOST => 'X_FORWARDED_HOST',
self::HEADER_CLIENT_PROTO => 'X_FORWARDED_PROTO',
self::HEADER_CLIENT_PORT => 'X_FORWARDED_PORT',
);

/**
* Constructor.
*
Expand Down Expand Up @@ -548,11 +571,26 @@ public function overrideGlobals()
*
* You should only list the reverse proxies that you manage directly.
*
* @param array $proxies A list of trusted proxies
* @param array $proxies A list of trusted proxies
* @param int $trustedHeaderSet A bit field of Request::HEADER_*, usually either Request::HEADER_FORWARDED or Request::HEADER_X_FORWARDED_ALL, to set which headers to trust from your proxies
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I means that you can trust the Forwarded and the X-Forwarded-For headers at the same time. I don't think that this is desirable.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I think it's still legitimate to support that, at least for BC.
This would be really opt-in anyway, low chance anyone will do it be mistake to me.

*
* @throws \InvalidArgumentException When $trustedHeaderSet is invalid
*/
public static function setTrustedProxies(array $proxies)
public static function setTrustedProxies(array $proxies/*, int $trustedHeaderSet*/)
{
self::$trustedProxies = $proxies;

if (2 > func_num_args()) {
@trigger_error(sprintf('The %s() method expects a bit field of Request::HEADER_* as second argument. Not defining it is deprecated since version 3.3 and will be required in 4.0.', __METHOD__), E_USER_DEPRECATED);

return;
}
$trustedHeaderSet = func_get_arg(1);

foreach (self::$trustedHeaderNames as $header => $name) {
self::$trustedHeaders[$header] = $header & $trustedHeaderSet ? $name : null;
}
self::$trustedHeaderSet = $trustedHeaderSet;
}

/**
Expand All @@ -565,6 +603,16 @@ public static function getTrustedProxies()
return self::$trustedProxies;
}

/**
* Gets the set of trusted headers from trusted proxies.
*
* @return int A bit field of Request::HEADER_* that defines which headers are trusted from your proxies
*/
public static function getTrustedHeaderSet()
{
return self::$trustedHeaderSet;
}

/**
* Sets a list of trusted host patterns.
*
Expand Down Expand Up @@ -608,14 +656,22 @@ public static function getTrustedHosts()
* @param string $value The header name
*
* @throws \InvalidArgumentException
*
* @deprecated since version 3.3, to be removed in 4.0. Use "X-Forwarded-*" headers or the "Forwarded" header defined in RFC7239, and the $trustedHeaderSet argument of the Request::setTrustedProxies() method instead.
*/
public static function setTrustedHeaderName($key, $value)
{
@trigger_error(sprintf('The "%s()" method is deprecated since version 3.3 and will be removed in 4.0. Use "X-Forwarded-*" headers or the "Forwarded" header defined in RFC7239, and the $trustedHeaderSet argument of the Request::setTrustedProxies() method instead.', __METHOD__), E_USER_DEPRECATED);

if (!array_key_exists($key, self::$trustedHeaders)) {
throw new \InvalidArgumentException(sprintf('Unable to set the trusted header name for key "%s".', $key));
}

self::$trustedHeaders[$key] = $value;

if (null !== $value) {
self::$trustedHeaderNames[$key] = $value;
}
}

/**
Expand All @@ -626,9 +682,15 @@ public static function setTrustedHeaderName($key, $value)
* @return string The header name
*
* @throws \InvalidArgumentException
*
* @deprecated since version 3.3, to be removed in 4.0. Use the Request::getTrustedHeaderSet() method instead.
*/
public static function getTrustedHeaderName($key)
{
if (2 > func_num_args() || func_get_arg(1)) {
@trigger_error(sprintf('The "%s()" method is deprecated since version 3.3 and will be removed in 4.0. Use the Request::getTrustedHeaderSet() method instead.', __METHOD__), E_USER_DEPRECATED);
}

if (!array_key_exists($key, self::$trustedHeaders)) {
throw new \InvalidArgumentException(sprintf('Unable to get the trusted header name for key "%s".', $key));
}
Expand Down
Loading