10000 [HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For by magnusnordlander · Pull Request #18688 · symfony/symfony · GitHub
[go: up one dir, main page]
Skip to content

[HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For #18688

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 11 commits into from
Closed

[HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For #18688

Changes from 1 commit
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
4c262d4
Emit a warning when a request has both a trusted
magnusnordlander May 2, 2016
da4b6c5
Updated according to fabbot review
magnusnordlander May 3, 2016
f0c3d15
Changed warning to exception, and only throws when headers disagree.
magnusnordlander May 5, 2016
2eea0f1
CS fix
magnusnordlander May 5, 2016
c017290
Added a listener to validate requests
magnusnordlander Jun 25, 2016
99b072e
Changed listener to only throw on master requests (to preserve except…
magnusnordlander Jun 25, 2016
41d2603
Added fabbot CS fixes
magnusnordlander Jun 25, 2016
ea691e7
Made the profiler handle unknown client IPs.
magnusnordlander Jun 25, 2016
a9f864d
Updated tests
magnusnordlander Jun 25, 2016
66f19f1
Renamed listener and CS fixes.
magnusnordlander Jun 28, 2016
d52d098
Fixed test failures
magnusnordlander Jun 28, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Changed listener to only throw on master requests (to preserve except… 
…ion handling)
  • Loading branch information
@magnusnordlander
magnusnordlander committed Jun 25, 2016
commit 99b072e19f63689626e69a211d18a7043e748647
14 changes: 9 additions & 5 deletions src/Symfony/Component/HttpKernel/EventListener/ValidateRequestClientIpListener.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
use Symfony\Component\HttpFoundation\Exception\ConflictingHeadersException;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Component\HttpKernel\KernelEvents;

/**
Expand All @@ -32,12 +33,15 @@ class ValidateRequestClientIpListener implements EventSubscriberInterface
*/
public function onKernelRequest(GetResponseEvent $event)
{
try {
// This will throw an exception if the headers are inconsistent.
$event->getRequest()->getClientIps();
} catch (ConflictingHeadersException $e) {
throw new HttpException(400, "The request headers contain conflicting information regarding the origin of this request.", $e);
if ($event->getRequestType() == HttpKernelInterface::MASTER_REQUEST) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should be if ($event->isMasterRequest()) {

try {
// This will throw an exception if the headers are inconsistent.
$event->getRequest()->getClientIps();
} catch (ConflictingHeadersException $e) {
throw new HttpException(400, "The request headers contain conflicting information regarding the origin of this request.", $e);
}
}

}

/**
Expand Down
0