TrustedProxy icon indicating copy to clipboard operation
TrustedProxy copied to clipboard

Published 20 hours ago verified publisher icon fideloper

Support custom trusted header bitmasks

Open matt-allan opened this issue 5 years ago • 3 comments

This PR adds support for custom bitmasks, which are necessary if your load balancer doesn't support all X-Forwarded-* headers and doesn't support the same subset of X-Forwarded-* headers that AWS ELB uses. I personally ran into this while using ngrok via valet share, which doesn't send HEADER_X_FORWARDED_PORT.

matt-allan avatar Feb 17 '20 16:02 matt-allan

Hi! I just wanted to let you know that this looks good on the surface. I'll likely pull it in when I have some extra time to test it out a bit more myself as well.

Thanks!

fideloper avatar Feb 22 '20 01:02 fideloper

Whoops, one more thing: Can you give an example of its usage? It looks like the test is an example, but I wanted to confirm that.

I'll use that to update the readme.md docs.

fideloper avatar Feb 22 '20 01:02 fideloper

Great, thanks for the update.

RE: usage you would typically start with Request::HEADER_X_FORWARDED_ALL and use a bitwise xor to exclude the headers you do not want, i.e.

// all x-forwarded-* headers except for x-forwarded-port
Request::HEADER_X_FORWARDED_ALL ^ Request::HEADER_X_FORWARDED_PORT
// all x-forwarded-* headers except for x-forwarded-host
Request::HEADER_X_FORWARDED_ALL ^ Request::HEADER_X_FORWARDED_HOST

Here's an example from Symfony.

matt-allan avatar Feb 24 '20 15:02 matt-allan