Commit 7e9af0f0 authored by catch

Issue #3195533 by daffie, longwave: [Symfony 6] The constant...

Issue #3195533 by daffie, longwave: [Symfony 6] The constant Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL is deprecated
parent 22027604
......@@ -385,17 +385,20 @@
* Sets which headers to trust from your reverse proxy.
*
* Common values are:
* - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL
* - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR
* - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST
* - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT
* - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO
* - \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED
*
* Note the default value of
* @code
* \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL | \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED
* \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO | \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED
* @endcode
* is not secure by default. The value should be set to only the specific
* headers the reverse proxy uses. For example:
* @code
* \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL
* \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO
* @endcode
* This would trust the following headers:
* - X_FORWARDED_FOR
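Review bot: In the "For example" @code block, the replacement for HEADER_X_FORWARDED_ALL still ORs together all four X-Forwarded flags, so the example meant to illustrate "only the specific headers the reverse proxy uses" differs from the default described as not secure only by leaving out HEADER_FORWARDED. Consider a narrower example, such as HEADER_X_FORWARDED_FOR | HEADER_X_FORWARDED_PROTO for a proxy that sets just those two, or add a sentence saying a flag should be kept only when the proxy overwrites that header, because a trusted header the proxy passes through unchanged is client-controlled.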
......@@ -403,11 +406,14 @@
* - X_FORWARDED_PROTO
* - X_FORWARDED_PORT
*
* @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL
* @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR
* @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST
* @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT
* @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO
* @see \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED
* @see \Symfony\Component\HttpFoundation\Request::setTrustedProxies
*/
# $settings['reverse_proxy_trusted_headers'] = \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL | \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED;
# $settings['reverse_proxy_trusted_headers'] = \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO | \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED;
/**
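Review bot: The commented-out $settings['reverse_proxy_trusted_headers'] sample at the end of this hunk is the full default (all four X-Forwarded flags plus HEADER_FORWARDED), which is the value the docblock above it calls not secure by default, so a site owner who only removes the leading # ends up with the most permissive configuration. Suggest making the sample a trimmed value, or adding a one-line comment directly above it telling the reader to delete every flag their proxy does not set. It would also help to say that trusting HEADER_FORWARDED together with the X-Forwarded flags requires the proxy to set or strip both families.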
......
......@@ -62,7 +62,7 @@ public static function setSettingsOnRequest(Request $request, Settings $settings
if (count($proxies) > 0) {
// Set the default value. This is the most relaxed setting possible and
// not recommended for production.
$trusted_header_set = Request::HEADER_X_FORWARDED_ALL | Request::HEADER_FORWARDED;
$trusted_header_set = Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO | Request::HEADER_FORWARDED;
$request::setTrustedProxies(
$proxies,
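Review bot: The comment above $trusted_header_set still says "This is the most relaxed setting possible", but the value is now an explicit list of four X-Forwarded flags plus HEADER_FORWARDED rather than an ALL constant, so that statement is only true as long as no other forwarded-header flag exists. Reword it to name what is trusted, for example "Trust X-Forwarded-For, -Host, -Port, -Proto and Forwarded by default", and keep the "not recommended for production" warning.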
......
......@@ -63,7 +63,7 @@ public function reverseProxyEnabledProvider() {
return [
'Proxy with default trusted headers' => [
['reverse_proxy_addresses' => ['127.0.0.2', '127.0.0.3']],
Request::HEADER_FORWARDED | Request::HEADER_X_FORWARDED_ALL,
Request::HEADER_FORWARDED | Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO,
],
'Proxy with AWS trusted headers' => [
[
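Review bot: The expected value for 'Proxy with default trusted headers' repeats the production default as a second hand-written OR expression, with the operands in a different order from the one used in setSettingsOnRequest(). The result is the same bitmask, but two long literals that must stay in sync are easy to change in one place only. Consider exposing the default as a named constant on the middleware and referencing it here, or at least keeping the operand order identical so the two lines can be compared at a glance.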
......
......@@ -385,17 +385,20 @@
* Sets which headers to trust from your reverse proxy.
*
* Common values are:
* - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL
* - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR
* - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST
* - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT
* - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO
* - \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED
*
* Note the default value of
* @code
* \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL | \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED
* \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO | \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED
* @endcode
* is not secure by default. The value should be set to only the specific
* headers the reverse proxy uses. For example:
* @code
* \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL
* \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO
* @endcode
* This would trust the following headers:
* - X_FORWARDED_FOR
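Review bot: Style point on the two @code lines that replace the HEADER_X_FORWARDED_ALL expressions: each is a single line of four or five fully qualified constants, which is hard to read in a settings file and hard to edit when trimming flags. Breaking the expression after each | operator, one constant per line, would let a site owner delete the lines for headers their proxy does not send. The same applies to the identical hunk in the other settings file.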
......@@ -403,11 +406,14 @@
* - X_FORWARDED_PROTO
* - X_FORWARDED_PORT
*
* @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL
* @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR
* @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST
* @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT
* @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO
* @see \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED
* @see \Symfony\Component\HttpFoundation\Request::setTrustedProxies
*/
# $settings['reverse_proxy_trusted_headers'] = \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL | \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED;
# $settings['reverse_proxy_trusted_headers'] = \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO | \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED;
/**
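Review bot: Missing documentation: this hunk drops the @see and the sample for HEADER_X_FORWARDED_ALL, but nothing in the docblock tells owners of an existing settings.php that still references that constant what to replace it with. Since the commit title states the constant is deprecated, add a short sentence here, or in the accompanying change record, giving the explicit equivalent (HEADER_X_FORWARDED_FOR | HEADER_X_FORWARDED_HOST | HEADER_X_FORWARDED_PORT | HEADER_X_FORWARDED_PROTO) and reminding readers to narrow it to the headers their proxy sets.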
......