Handle reverse proxy setting a port in Forwarded-For #43352
Conversation
szaimen
added
3. to review
| @@ -612,6 +612,11 @@ public function getRemoteAddress(): string { | |||
| $IP = substr($IP, 1, -1); | |||
| } | |||
|
|
|||
| // remove client port when set | |||
| if(str_contains($IP, ':')) { | |||
There was a problem hiding this comment.
this completely breaks IPv6
There was a problem hiding this comment.
Nice catch. I've updated the PR with new code that should work better
Signed-off-by: Mikael Peigney <Mika56@users.noreply.github.com>
|
As reference, how Symfony solved the same problem: https://github.com/symfony/symfony/blob/d9d6024a1a663caa7f13360a4a1d9de443e9c954/src/Symfony/Component/HttpFoundation/Request.php#L1986-L1997 I recommend adding some automated tests to make sure the parsing does not break in the future. |
|
And the corresponding tests: https://github.com/symfony/symfony/blob/d9d6024a1a663caa7f13360a4a1d9de443e9c954/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php#L1034 |
|
You can add your tests in |
|
Do you need more help? Or shall we take over to finish it? |
|
I lack time, if you're willing to take it over, please go for it! :) |
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
Due to changes in CI a rebase was required, but I was unable to push that. So I made a new PR at #43552 |
|
No problem, thanks for taking care of it! |
As per RFC 7239, a reverse proxy may add a port to the client's IP address:
This MR removes that port from the IP address, allowing the
Forwarde-Forheader to be properly handled.