Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork5.3k
Trusted proxies were removed when URL signing took over#6541
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Trusted proxies were removed when URL signing took over#6541
Uh oh!
There was an error while loading.Please reload this page.
Conversation
| .. index:: | ||
| single: Request; Trusted Proxies | ||
| Trusting Proxies |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
this removal is wrong. We still have trusted proxies (even though ESI accepts signed requests from anywhere)
stof commentedMay 6, 2016
the commit you linked does not remove trusted proxies at all. It removed their usage in a single place which was not working properly |
…o ``trusted_proxies``
rawkode commentedMay 6, 2016
Sorry,@stof - silly assumption on my part. I've removed all the daft removals. TIL more about Symfony and the FragmentListener 👍 |
xabbuh commentedMay 21, 2016
👍 |
…rawkode)This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#6541).Discussion----------Trusted proxies were removed when URL signing took overSince:symfony/http-kernel@fa8f4f8Commits-------853825b Removing incorrect reference that the FragmentListener only listens to ``trusted_proxies``
wouterj commentedMay 21, 2016
Thank you@rawkode for updating the code. As this security fix was merged into the 2.3 version of the code, I've merged this into the 2.3 version of the docs as well. I'll take care of merging it into the other versions. |
Since:symfony/http-kernel@fa8f4f8