feature #21830 [HttpFoundation] Add $trustedHeaderSet arg to Request:… · symfony/symfony@343490c · GitHub
Commit 343490c

feature #21830 [HttpFoundation] Add $trustedHeaderSet arg to Request::setTrustedProxies() - deprecate not setting it (nicolas-grekas)
This PR was merged into the 3.3-dev branch.

Discussion
----------

[HttpFoundation] Add $trustedHeaderSet arg to Request::setTrustedProxies() - deprecate not setting it

| Q | A |
| ------------- | --- |
| Branch? | master |
| Bug fix? | no |
| New feature? | yes |
| BC breaks? | no |
| Deprecations? | yes |
| Tests pass? | no tests yet |
| Fixed tickets | - |
| License | MIT |
| Doc PR | - |

Follow up of #18688

PR adds a second `$trustedHeaderSet` argument to `Request::setTrustedProxies()`, can be either `Request::HEADER_FORWARDED` or `Request::HEADER_X_FORWARDED_ALL` to set which header to trust from your proxies - the idea being that without this info, one will get some `ConflictingHeadersException`, but those may be lost in the logs.

Commits
-------

d3c9604 [HttpFoundation] Add $trustedHeaderSet arg to Request::setTrustedProxies() - deprecate not setting it
2 parents 3023e4b + d3c9604 commit 343490c

21 files changed

+243
-73
lines changed

UPGRADE-3.3.md

Lines changed: 16 additions & 3 deletions
@@ -126,6 +126,9 @@ FrameworkBundle
126126
* The `cache:clear` command should always be called with the `--no-warmup` option.
127127
Warmup should be done via the `cache:warmup` command.
128128

129+
* The "framework.trusted_proxies" configuration option and the corresponding "kernel.trusted_proxies" parameter have been deprecated and will be removed in 4.0. Use the Request::setTrustedProxies() method in your front controller instead.
130+
131+
129132
* The `Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\AddConsoleCommandPass` has been deprecated. Use `Symfony\Component\Console\DependencyInjection\AddConsoleCommandPass` instead.
130133

131134
* The `Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\SerializerPass` class has been
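Review bot: The added `framework.trusted_proxies` entry (new line 129) puts the option and parameter names in double quotes and leaves `Request::setTrustedProxies()` unformatted, while the neighbouring entries in this file use backticks and the matching UPGRADE-4.0.md entry already puts the method in backticks. Suggest backticks for all three names here. The two empty lines added after the entry (130 and 131) also leave a double blank line before the next bullet; one is enough.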
@@ -175,14 +178,24 @@ FrameworkBundle
175178
class has been deprecated and will be removed in 4.0. Use the
176179
`Symfony\Component\Routing\DependencyInjection\RoutingResolverPass` class instead.
177180

178-
* The `server:run`, `server:start`, `server:stop` and
179-
`server:status` console commands have been moved to a dedicated bundle.
180-
Require `symfony/web-server-bundle` in your composer.json and register
181+
* The `server:run`, `server:start`, `server:stop` and
182+
`server:status` console commands have been moved to a dedicated bundle.
183+
Require `symfony/web-server-bundle` in your composer.json and register
181184
`Symfony\Bundle\WebServerBundle\WebServerBundle` in your AppKernel to use them.
182185

183186
* The `Symfony\Bundle\FrameworkBundle\Translation\Translator` constructor now takes the
184187
default locale as 3rd argument. Not passing it will trigger an error in 4.0.
185188

189+
HttpFoundation
190+
--------------
191+
192+
* The `Request::setTrustedProxies()` method takes a new `$trustedHeaderSet` argument - not setting it is deprecated.
193+
Set it to `Request::HEADER_FORWARDED` if your reverse-proxy uses the RFC7239 `Forwarded` header,
194+
or to `Request::HEADER_X_FORWARDED_ALL` if it is using `X-Forwarded-*` headers instead.
195+
196+
* The `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()` methods are deprecated,
197+
use the RFC7239 `Forwarded` header, or the `X-Forwarded-*` headers instead.
198+
186199
HttpKernel
187200
-----------
188201
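Review bot: The `Request::setTrustedHeaderName()` deprecation entry (new lines 196-197) tells readers to use the `Forwarded` or `X-Forwarded-*` headers instead, but gives no migration path for a setup that called the method because its proxy sends a differently named header. Suggest stating explicitly that the proxy has to be reconfigured to send one of the two supported header sets. Separately, the three `server:run` lines (178-180 removed, 181-183 added) show identical text on both sides, so that part looks like a whitespace-only change unrelated to this feature and could be left out of the commit.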

UPGRADE-4.0.md

Lines changed: 11 additions & 0 deletions
@@ -190,6 +190,8 @@ FrameworkBundle
190190
* The `cache:clear` command does not warmup the cache anymore. Warmup should
191191
be done via the `cache:warmup` command.
192192

193+
* The "framework.trusted_proxies" configuration option and the corresponding "kernel.trusted_proxies" parameter have been removed. Use the `Request::setTrustedProxies()` method in your front controller instead.
194+
193195
* Support for absolute template paths has been removed.
194196

195197
* The following form types registered as services have been removed; use their
@@ -280,6 +282,15 @@ FrameworkBundle
280282
HttpFoundation
281283
---------------
282284

285+
HttpFoundation
286+
--------------
287+
288+
* The `Request::setTrustedProxies()` method takes a new `$trustedHeaderSet` argument.
289+
Set it to `Request::HEADER_FORWARDED` if your reverse-proxy uses the RFC7239 `Forwarded` header,
290+
or to `Request::HEADER_X_FORWARDED_ALL` if it is using `X-Forwarded-*` headers instead.
291+
292+
* The `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()` methods have been removed.
293+
283294
* Extending the following methods of `Response`
284295
is no longer possible (these methods are now `final`):
285296
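Review bot: The added lines 285-286 introduce a second `HttpFoundation` heading directly under the one already present as context at lines 282-283, so the file will show the section title twice. Drop the added heading and underline and keep only the two new bullets under the existing section.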

src/Symfony/Bridge/Monolog/Tests/Processor/WebProcessorTest.php

Lines changed: 1 addition & 1 deletion
@@ -36,7 +36,7 @@ public function testUsesRequestServerData()
3636

3737
public function testUseRequestClientIp()
3838
{
39-
Request::setTrustedProxies(array('192.168.0.1'));
39+
Request::setTrustedProxies(array('192.168.0.1'), Request::HEADER_X_FORWARDED_ALL);
4040
list($event, $server) = $this->createRequestEvent(array('X_FORWARDED_FOR' => '192.168.0.2'));
4141

4242
$processor = new WebProcessor();

src/Symfony/Bridge/Monolog/composer.json

Lines changed: 3 additions & 0 deletions
@@ -25,6 +25,9 @@
2525
"symfony/event-dispatcher": "~2.8|~3.0",
2626
"symfony/var-dumper": "~3.3"
2727
},
28+
"conflict": {
29+
"symfony/http-foundation": "<3.3"
30+
},
2831
"suggest": {
2932
"symfony/http-kernel": "For using the debugging handlers together with the response life cycle of the HTTP kernel.",
3033
"symfony/console": "For the possibility to show log messages in console commands depending on verbosity settings. You need version ~2.3 of the console for it.",

src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md

Lines changed: 1 addition & 0 deletions
@@ -5,6 +5,7 @@ CHANGELOG
55
-----
66

77
* Deprecated `cache:clear` with warmup (always call it with `--no-warmup`)
8+
* Deprecated the "framework.trusted_proxies" configuration option and the corresponding "kernel.trusted_proxies" parameter
89
* Changed default configuration for
910
assets/forms/validation/translation/serialization/csrf from `canBeEnabled()` to
1011
`canBeDisabled()` when Flex is used

src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php

Lines changed: 9 additions & 0 deletions
@@ -18,6 +18,7 @@
1818
use Symfony\Component\Config\Definition\Builder\TreeBuilder;
1919
use Symfony\Component\Config\Definition\ConfigurationInterface;
2020
use Symfony\Component\Form\Form;
21+
use Symfony\Component\HttpFoundation\Request;
2122
use Symfony\Component\Serializer\Serializer;
2223
use Symfony\Component\Translation\Translator;
2324
use Symfony\Component\Validator\Validation;
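Review bot: The added `use Symfony\Component\HttpFoundation\Request;` (new line 21) is not referenced by the other lines this commit adds to the file; the only mention of `Request` in the new `beforeNormalization()` block is inside the deprecation message string. If nothing else in the class needs it, remove the import.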
@@ -58,6 +59,14 @@ public function getConfigTreeBuilder()
5859
return $v;
5960
})
6061
->end()
62+
->beforeNormalization()
63+
->ifTrue(function ($v) { return isset($v['trusted_proxies']); })
64+
->then(function ($v) {
65+
@trigger_error('The "framework.trusted_proxies" configuration key is deprecated since version 3.3 and will be removed in 4.0. Use the Request::setTrustedProxies() method in your front controller instead.', E_USER_DEPRECATED);
66+
67+
return $v;
68+
})
69+
->end()
6170
->children()
6271
->scalarNode('secret')->end()
6372
->scalarNode('http_method_override')
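Review bot: The `ifTrue()` check on new line 63 uses `isset($v['trusted_proxies'])`, which is false when the key is present with a null value, so a configuration that declares the key without a value gets no deprecation notice even though UPGRADE-4.0.md says the option is removed. Consider `is_array($v) && array_key_exists('trusted_proxies', $v)` so every use of the key is reported, or add a comment if skipping the null case is intentional.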

src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php

Lines changed: 3 additions & 1 deletion
@@ -60,7 +60,9 @@ public function boot()
6060
ErrorHandler::register(null, false)->throwAt($this->container->getParameter('debug.error_handler.throw_at'), true);
6161

6262
if ($trustedProxies = $this->container->getParameter('kernel.trusted_proxies')) {
63-
Request::setTrustedProxies($trustedProxies);
63+
@trigger_error('The "kernel.trusted_proxies" parameter is deprecated since version 3.3 and will be removed in 4.0. Use the Request::setTrustedProxies() method in your front controller instead.', E_USER_DEPRECATED);
64+
65+
Request::setTrustedProxies($trustedProxies, Request::getTrustedHeaderSet());
6466
}
6567

6668
if ($this->container->getParameter('kernel.http_method_override')) {
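Review bot: The deprecation message added on line 63 tells users to call `Request::setTrustedProxies()` in the front controller but does not mention the `$trustedHeaderSet` argument, which UPGRADE-3.3.md in this same commit says is deprecated to omit, so following the message literally leads to a second deprecation. Suggest naming the argument in the message, for example `Request::setTrustedProxies($proxies, Request::HEADER_X_FORWARDED_ALL)`. A short comment on line 65 would also help, explaining that `Request::getTrustedHeaderSet()` is passed to keep the currently configured header set rather than to choose one.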

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php

Lines changed: 3 additions & 0 deletions
@@ -43,6 +43,7 @@ public function testDoNoDuplicateDefaultFormResources()
4343
}
4444

4545
/**
46+
* @group legacy
4647
* @dataProvider getTestValidTrustedProxiesData
4748
*/
4849
public function testValidTrustedProxies($trustedProxies, $processedProxies)
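Review bot: Adding `@group legacy` to `testValidTrustedProxies()` (new line 46) marks the test as exercising deprecated behaviour, but nothing in the visible lines asserts that the new notice is actually triggered, and the PR description lists "Tests pass? no tests yet". Suggest adding an assertion on the `The "framework.trusted_proxies" configuration key is deprecated` message here; the same applies to the two other tests tagged `@group legacy` in this file.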
@@ -73,6 +74,7 @@ public function getTestValidTrustedProxiesData()
7374
}
7475

7576
/**
77+
* @group legacy
7678
* @expectedException \Symfony\Component\Config\Definition\Exception\InvalidConfigurationException
7779
*/
7880
public function testInvalidTypeTrustedProxies()
@@ -88,6 +90,7 @@ public function testInvalidTypeTrustedProxies()
8890
}
8991

9092
/**
93+
* @group legacy
9194
* @expectedException \Symfony\Component\Config\Definition\Exception\InvalidConfigurationException
9295
*/
9396
public function testInvalidValueTrustedProxies()

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php

Lines changed: 0 additions & 1 deletion
@@ -10,7 +10,6 @@
1010
),
1111
),
1212
'http_method_override' => false,
13-
'trusted_proxies' => array('127.0.0.1', '10.0.0.1'),
1413
'esi' => array(
1514
'enabled' => true,
1615
),
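Review bot: Removing `'trusted_proxies' => array('127.0.0.1', '10.0.0.1'),` from this fixture (old line 13), together with the matching `trusted-proxies` attribute removal in `full.xml`, means the full-config fixtures no longer exercise an option that is deprecated but still supported until 4.0. Unless loading the option is covered elsewhere, consider moving it to a separate legacy fixture so each config format stays tested.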

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml

Lines changed: 1 addition & 1 deletion
@@ -6,7 +6,7 @@
66
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd
77
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
88

9-
<framework:config secret="s3cr3t" ide="file%%link%%format" default-locale="fr" trusted-proxies="127.0.0.1, 10.0.0.1" http-method-override="false">
9+
<framework:config secret="s3cr3t" ide="file%%link%%format" default-locale="fr" http-method-override="false">
1010
<framework:csrf-protection />
1111
<framework:form>
1212
<framework:csrf-protection field-name="_csrf"/>
