-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handle reverse proxy setting a port in Forwarded-For #43352
Conversation
@@ -612,6 +612,11 @@ public function getRemoteAddress(): string { | |||
$IP = substr($IP, 1, -1); | |||
} | |||
|
|||
// remove client port when set | |||
if(str_contains($IP, ':')) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this completely breaks IPv6
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice catch. I've updated the PR with new code that should work better
Signed-off-by: Mikael Peigney <Mika56@users.noreply.github.com>
As reference, how Symfony solved the same problem: https://github.com/symfony/symfony/blob/d9d6024a1a663caa7f13360a4a1d9de443e9c954/src/Symfony/Component/HttpFoundation/Request.php#L1986-L1997 I recommend adding some automated tests to make sure the parsing does not break in the future. |
And the corresponding tests: https://github.com/symfony/symfony/blob/d9d6024a1a663caa7f13360a4a1d9de443e9c954/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php#L1034 |
You can add your tests in
|
Do you need more help? Or shall we take over to finish it? |
I lack time, if you're willing to take it over, please go for it! :) |
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Joas Schilling <coding@schilljs.com>
Due to changes in CI a rebase was required, but I was unable to push that. So I made a new PR at #43552 |
No problem, thanks for taking care of it! |
As per RFC 7239, a reverse proxy may add a port to the client's IP address:
This MR removes that port from the IP address, allowing the
Forwarde-For
header to be properly handled.