10000 bug #11937 [HttpKernel] Make sure HttpCache is a trusted proxy (thewi… · symfony/symfony@902efb8 · GitHub
[go: up one dir, main page]
Skip to content

Commit 902efb8

Browse files
fabpotfabpot
committed
bug #11937 [HttpKernel] Make sure HttpCache is a trusted proxy (thewilkybarkid)
This PR was merged into the 2.3 branch. Discussion ---------- [HttpKernel] Make sure HttpCache is a trusted proxy | Q | A | ------------- | --- | Bug fix? | yes (of sorts) | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #9292 | License | MIT | Doc PR | symfony/symfony-docs#4239 Fixes #9292 by adding `127.0.0.1` as a trusted proxy when using `HttpCache` (assuming it hasn't been already). Commits ------- ca65362 Make sure HttpCache is a trusted proxy
2 parents 13139d7 + ca65362 commit 902efb8

File tree

2 files changed

+28
-0
lines changed

2 files changed

+28
-0
lines changed

src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -461,6 +461,12 @@ protected function forward(Request $request, $catch = false, Response $entry = n
461461
// is always called from the same process as the backend.
462462
$request->server->set('REMOTE_ADDR', '127.0.0.1');
463463

464+
// make sure HttpCache is a trusted proxy
465+
if (!in_array('127.0.0.1', $trustedProxies = Request::getTrustedProxies())) {
466+
$trustedProxies[] = '127.0.0.1';
467+
Request::setTrustedProxies($trustedProxies);
468+
}
469+
464470
// always a "master" request (as the real master request can be in cache)
465471
$response = $this->kernel->handle($request, HttpKernelInterface::MASTER_REQUEST, $catch);
466472
// FIXME: we probably need to also catch exceptions if raw === true

src/Symfony/Component/HttpKernel/Tests/HttpCache/HttpCacheTest.php

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1155,6 +1155,28 @@ public function testClientIpIsAlwaysLocalhostForForwardedRequests()
11551155
$this->assertEquals('127.0.0.1', $this->kernel->getBackendRequest()->server->get('REMOTE_ADDR'));
11561156
}
11571157

1158+
/**
1159+
* @dataProvider getTrustedProxyData
1160+
*/
1161+
public function testHttpCacheIsSetAsATrustedProxy(array $existing, array $expected)
1162+
{
1163+
Request::setTrustedProxies($existing);
1164+
1165+
$this->setNextResponse();
1166+
$this->request('GET', '/', array('REMOTE_ADDR' => '10.0.0.1'));
116 90CF 7+
1168+
$this->assertEquals($expected, Request::getTrustedProxies());
1169+
}
1170+
1171+
public function getTrustedProxyData()
1172+
{
1173+
return array(
1174+
array(array(), array('127.0.0.1')),
1175+
array(array('10.0.0.2'), array('10.0.0.2', '127.0.0.1')),
1176+
array(array('10.0.0.2', '127.0.0.1'), array('10.0.0.2', '127.0.0.1')),
1177+
);
1178+
}
1179+
11581180
/**
11591181
* @dataProvider getXForwardedForData
11601182
*/

0 commit comments

Comments
 (0)
0