NotificationsYou must be signed in to change notification settings
Fork9.7k
Star30.8k

[HttpFoundation] Add`PRIVATE_SUBNETS` as a shortcut for private IP address ranges to`Request::setTrustedProxies()`#58154

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Jump to bottom

Merged

nicolas-grekas merged 1 commit intosymfony:7.2fromnicolas-grekas:hk-trusted-proxies

Sep 3, 2024

Merged

[HttpFoundation] Add`PRIVATE_SUBNETS` as a shortcut for private IP address ranges to`Request::setTrustedProxies()`#58154

nicolas-grekas merged 1 commit intosymfony:7.2fromnicolas-grekas:hk-trusted-proxies

Sep 3, 2024

Conversation

Copy link

Member

nicolas-grekas commentedSep 3, 2024•
edited
Loading

Q	A
Branch?	7.2
Bug fix?	no
New feature?	no
Deprecations?	no
Issues	-
License	MIT

Let's save some memory allocations and callbacks when we can.

Tweaks#33574 and#52924

carsonbot added Status: Needs Review HttpFoundation labels

Sep 3, 2024

carsonbot added this to the7.2 milestone

Sep 3, 2024

nicolas-grekas force-pushed thehk-trusted-proxies branch 2 times, most recently from9033e91 todbe2679Compare

September 3, 2024 08:41

derrabus approved these changes

Sep 3, 2024

View reviewed changes

carsonbot added Status: Reviewed and removed Status: Needs Review labels

Sep 3, 2024

nicolas-grekas force-pushed thehk-trusted-proxies branch fromdbe2679 to8a27bd7Compare

September 3, 2024 08:58

nicolas-grekas changed the title~~[HttpFoundation] µ-optimize Request::setTrustedProxies()~~[HttpFoundation] AddPRIVATE_SUBNETS as a shortcut for private IP address ranges toRequest::setTrustedProxies()

Sep 3, 2024

nicolas-grekas force-pushed thehk-trusted-proxies branch from8a27bd7 toc69c923Compare

September 3, 2024 09:03

xabbuh reviewed

Sep 3, 2024

View reviewed changes

src/Symfony/Component/HttpFoundation/Request.php OutdatedShow resolvedHide resolved

xabbuh approved these changes

Sep 3, 2024

View reviewed changes

xabbuh requested changes

Sep 3, 2024

View reviewed changes

src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.phpShow resolvedHide resolved

carsonbot added Status: Needs Work and removed Status: Reviewed labels

Sep 3, 2024

nicolas-grekas force-pushed thehk-trusted-proxies branch fromc69c923 to3fd2dd1Compare

September 3, 2024 09:07

nicolas-grekas commented

Sep 3, 2024

View reviewed changes

Copy link

MemberAuthor

nicolas-grekas left a comment•
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

While reading the code around, I realized thatprivate_ranges for trusted proxies works only for explicit static configuration, aka env vars are not supported.
I fixed this by adding support for thePRIVATE_SUBNETS special value in setTrustedProxies, next to the already supportedREMOTE_ADDR. Note the name and casing change, which look desired to me for consistency withREMOTE_ADDR.private_ranges is also supported for legacy reasons.

[HttpFoundation] AddPRIVATE_SUBNETS as a shortcut for private IP a…

6bd4b4a

…ddress ranges to `Request::setTrustedProxies()`

nicolas-grekas force-pushed thehk-trusted-proxies branch from3fd2dd1 to6bd4b4aCompare

September 3, 2024 09:13

stof reviewed

Sep 3, 2024

View reviewed changes

src/Symfony/Component/HttpFoundation/Request.php

		}
		}

		if (false !== ($i =array_search('PRIVATE_SUBNETS',$proxies,true)) \|\|false !== ($i =array_search('private_ranges',$proxies,true))) {

Copy link

Member

stofSep 3, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

shouldprivate_ranges be deprecated in favor ofPRIVATE_SUBNETS or no ?

Copy link

MemberAuthor

nicolas-grekasSep 3, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I don't think it's worth the trouble for the community.

xabbuh approved these changes

Sep 3, 2024

View reviewed changes

carsonbot added Status: Reviewed and removed Status: Needs Work labels

Sep 3, 2024

nicolas-grekas added the Feature label

Sep 3, 2024

nicolas-grekas merged commit4a7a68e intosymfony:7.2

Sep 3, 2024

nicolas-grekas mentioned this pull request

Sep 3, 2024

[HttpFoundation] AddPRIVATE_SUBNETS as a shortcut for private IP add…symfony/symfony-docs#20192

Closed

nicolas-grekas deleted the hk-trusted-proxies branch

September 3, 2024 13:12

fabpot mentioned this pull request

Oct 27, 2024

Release v7.2.0-BETA1#58686

Merged

Copy link

ValentinRgt commentedNov 12, 2024

Hi, this improvement be retroactive up to and including 6.4, 7.0 and 7.1?

Copy link

Member

xabbuh commentedNov 12, 2024

New features are not backported to already released Symfony versions. You will have to upgrade to 7.2 to be able to use it.

Copy link

Contributor

faizanakram99 commentedFeb 19, 2025

While reading the code around, I realized thatprivate_ranges for trusted proxies works only for explicit static configuration, aka env vars are not supported. I fixed this by adding support for thePRIVATE_SUBNETS special value in setTrustedProxies, next to the already supportedREMOTE_ADDR. Note the name and casing change, which look desired to me for consistency withREMOTE_ADDR.private_ranges is also supported for legacy reasons.

@nicolas-grekas sorry for the ping, will PRIVATE_SUBNETS and REMOTE_ADDR work with the new env vars SYMFONY_TRUSTED_PROXIES?