[HttpFoundation] Add $trustedHeaderSet arg to Request::setTrustedProxies() - deprecate not setting it

nicolas-grekas · nicolas-grekas · commit 072fe39ae369 · 2017-03-18T18:22:40.000+01:00
diff --git a/UPGRADE-3.3.md b/UPGRADE-3.3.md
@@ -117,6 +117,8 @@ Finder
 FrameworkBundle
 ---------------
 
+ * The "framework.trusted_proxies configuration option and the corresponding "kernel.trusted_proxies" parameter have been deprecated and will be removed in 4.0. Use the Request::setTrustedProxies() method in your front controller instead.
+
  * The `Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\AddConsoleCommandPass` has been deprecated. Use `Symfony\Component\Console\DependencyInjection\AddConsoleCommandPass` instead.
 
  * The `Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\SerializerPass` class has been
@@ -166,6 +168,16 @@ FrameworkBundle
    class has been deprecated and will be removed in 4.0. Use the 
    `Symfony\Component\Routing\DependencyInjection\RoutingResolverPass` class instead.
 
+HttpFoundation
+--------------
+
+ * The `Request::setTrustedProxies()` method takes a new `$trustedHeaderSet` argument - not setting it is deprecated.
+   Set it to `Request::HEADER_FORWARDED` if your reverse-proxy uses the RFC7239 `Forwarded` header,
+   or to `Request::HEADER_X_FORWARDED_ALL` if it is using `X-Forwarded-*` headers instead.
+
+ * The `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()` methods are deprecated,
+   use the RFC7239 `Forwarded` header, or the `X-Forwarded-*` headers instead.
+
 HttpKernel
 -----------
 
diff --git a/UPGRADE-4.0.md b/UPGRADE-4.0.md
@@ -187,6 +187,8 @@ Form
 FrameworkBundle
 ---------------
 
+ * The "framework.trusted_proxies" configuration option and the corresponding "kernel.trusted_proxies" parameter have been removed. Use the `Request::setTrustedProxies()` method in your front controller instead.
+
  * Support for absolute template paths has been removed.
 
  * The following form types registered as services have been removed; use their
@@ -274,6 +276,15 @@ FrameworkBundle
 HttpFoundation
 ---------------
 
+HttpFoundation
+--------------
+
+ * The `Request::setTrustedProxies()` method takes a new `$trustedHeaderSet` argument.
+   Set it to `Request::HEADER_FORWARDED` if your reverse-proxy uses the RFC7239 `Forwarded` header,
+   or to `Request::HEADER_X_FORWARDED_ALL` if it is using `X-Forwarded-*` headers instead.
+
+ * The `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()` methods have been removed.
+
  * Extending the following methods of `Response`
    is no longer possible (these methods are now `final`):
 
diff --git a/src/Symfony/Bridge/Monolog/Tests/Processor/WebProcessorTest.php b/src/Symfony/Bridge/Monolog/Tests/Processor/WebProcessorTest.php
@@ -36,7 +36,7 @@ public function testUsesRequestServerData()
 
     public function testUseRequestClientIp()
     {
-        Request::setTrustedProxies(array('192.168.0.1'));
+        Request::setTrustedProxies(array('192.168.0.1'), Request::HEADER_X_FORWARDED_ALL);
         list($event, $server) = $this->createRequestEvent(array('X_FORWARDED_FOR' => '192.168.0.2'));
 
         $processor = new WebProcessor();
diff --git a/src/Symfony/Bridge/Monolog/composer.json b/src/Symfony/Bridge/Monolog/composer.json
@@ -25,6 +25,9 @@
         "symfony/event-dispatcher": "~2.8|~3.0",
         "symfony/var-dumper": "~3.3"
     },
+    "conflict": {
+        "symfony/http-foundation": "<3.3"
+    },
     "suggest": {
         "symfony/http-kernel": "For using the debugging handlers together with the response life cycle of the HTTP kernel.",
         "symfony/console": "For the possibility to show log messages in console commands depending on verbosity settings. You need version ~2.3 of the console for it.",
diff --git a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
@@ -4,6 +4,7 @@ CHANGELOG
 3.3.0
 -----
 
+ * Deprecated the "framework.trusted_proxies" configuration option and the corresponding "kernel.trusted_proxies" parameter
  * Changed default configuration for
    assets/forms/validation/translation/serialization/csrf from `canBeEnabled()` to
    `canBeDisabled()` when Flex is used
diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
@@ -18,6 +18,7 @@
 use Symfony\Component\Config\Definition\Builder\TreeBuilder;
 use Symfony\Component\Config\Definition\ConfigurationInterface;
 use Symfony\Component\Form\Form;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Serializer\Serializer;
 use Symfony\Component\Translation\Translator;
 use Symfony\Component\Validator\Validation;
@@ -58,6 +59,14 @@ public function getConfigTreeBuilder()
                     return $v;
                 })
             ->end()
+            ->beforeNormalization()
+                ->ifTrue(function ($v) { return isset($v['trusted_proxies']); })
+                ->then(function ($v) {
+                    @trigger_error('The "framework.trusted_proxies" configuration key is deprecated since version 3.3 and will be removed in 4.0. Use the Request::setTrustedProxies() method in your front controller instead.', E_USER_DEPRECATED);
+
+                    return $v;
+                })
+            ->end()
             ->children()
                 ->scalarNode('secret')->end()
                 ->scalarNode('http_method_override')
diff --git a/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php b/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php
@@ -60,7 +60,9 @@ public function boot()
         ErrorHandler::register(null, false)->throwAt($this->container->getParameter('debug.error_handler.throw_at'), true);
 
         if ($trustedProxies = $this->container->getParameter('kernel.trusted_proxies')) {
-            Request::setTrustedProxies($trustedProxies);
+            @trigger_error('The "kernel.trusted_proxies" parameter is deprecated since version 3.3 and will be removed in 4.0. Use the Request::setTrustedProxies() method in your front controller instead.', E_USER_DEPRECATED);
+
+            Request::setTrustedProxies($trustedProxies, Request::getTrustedHeaderSet());
         }
 
         if ($this->container->getParameter('kernel.http_method_override')) {
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
@@ -43,6 +43,7 @@ public function testDoNoDuplicateDefaultFormResources()
     }
 
     /**
+     * @group legacy
      * @dataProvider getTestValidTrustedProxiesData
      */
     public function testValidTrustedProxies($trustedProxies, $processedProxies)
@@ -73,6 +74,7 @@ public function getTestValidTrustedProxiesData()
     }
 
     /**
+     * @group legacy
      * @expectedException \Symfony\Component\Config\Definition\Exception\InvalidConfigurationException
      */
     public function testInvalidTypeTrustedProxies()
@@ -88,6 +90,7 @@ public function testInvalidTypeTrustedProxies()
     }
 
     /**
+     * @group legacy
      * @expectedException \Symfony\Component\Config\Definition\Exception\InvalidConfigurationException
      */
     public function testInvalidValueTrustedProxies()
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php
@@ -10,7 +10,6 @@
         ),
     ),
     'http_method_override' => false,
-    'trusted_proxies' => array('127.0.0.1', '10.0.0.1'),
     'esi' => array(
         'enabled' => true,
     ),
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
@@ -6,7 +6,7 @@
     xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd
                         http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
 
-    <framework:config secret="s3cr3t" ide="file%%link%%format" default-locale="fr" trusted-proxies="127.0.0.1, 10.0.0.1" http-method-override="false">
+    <framework:config secret="s3cr3t" ide="file%%link%%format" default-locale="fr" http-method-override="false">
         <framework:csrf-protection />
         <framework:form>
             <framework:csrf-protection field-name="_csrf"/>
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml
@@ -6,7 +6,6 @@ framework:
         csrf_protection:
             field_name: _csrf
     http_method_override: false
-    trusted_proxies: ['127.0.0.1', '10.0.0.1']
     esi:
         enabled: true
     profiler:
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
@@ -86,13 +86,6 @@ public function testCsrfProtectionForFormsEnablesCsrfProtectionAutomatically()
         $this->assertTrue($container->hasDefinition('security.csrf.token_manager'));
     }
 
-    public function testProxies()
-    {
-        $container = $this->createContainerFromFile('full');
-
-        $this->assertEquals(array('127.0.0.1', '10.0.0.1'), $container->getParameter('kernel.trusted_proxies'));
-    }
-
     public function testHttpMethodOverride()
     {
         $container = $this->createContainerFromFile('full');
diff --git a/src/Symfony/Component/HttpFoundation/CHANGELOG.md b/src/Symfony/Component/HttpFoundation/CHANGELOG.md
@@ -4,6 +4,8 @@ CHANGELOG
 3.3.0
 -----
 
+ * added `$trustedHeaderSet` argument to `Request::setTrustedProxies()` - deprecate not setting it,
+ * deprecated the `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()` methods,
  * added `File\Stream`, to be passed to `BinaryFileResponse` when the size of the served file is unknown,
    disabling `Range` and `Content-Length` handling, switching to chunked encoding instead
  * added the `Cookie::fromString()` method that allows to create a cookie from a
diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php
@@ -30,11 +30,21 @@
  */
 class Request
 {
-    const HEADER_FORWARDED = 'forwarded';
-    const HEADER_CLIENT_IP = 'client_ip';
-    const HEADER_CLIENT_HOST = 'client_host';
-    const HEADER_CLIENT_PROTO = 'client_proto';
-    const HEADER_CLIENT_PORT = 'client_port';
+    const HEADER_FORWARDED = 0b00001;
+    const HEADER_X_FORWARDED_ALL = 0b11110;
+    const HEADER_X_FORWARDED_FOR = 2;
+    const HEADER_X_FORWARDED_HOST = 4;
+    const HEADER_X_FORWARDED_PROTO = 8;
+    const HEADER_X_FORWARDED_PORT = 16;
+
+    /** @deprecated since version 3.3, to be removed in 4.0 */
+    const HEADER_CLIENT_IP = self::HEADER_X_FORWARDED_FOR;
+    /** @deprecated since version 3.3, to be removed in 4.0 */
+    const HEADER_CLIENT_HOST = self::HEADER_X_FORWARDED_HOST;
+    /** @deprecated since version 3.3, to be removed in 4.0 */
+    const HEADER_CLIENT_PROTO = self::HEADER_X_FORWARDED_PROTO;
+    /** @deprecated since version 3.3, to be removed in 4.0 */
+    const HEADER_CLIENT_PORT = self::HEADER_X_FORWARDED_PORT;
 
     const METHOD_HEAD = 'HEAD';
     const METHOD_GET = 'GET';
@@ -70,6 +80,8 @@ class Request
      *
      * The other headers are non-standard, but widely used
      * by popular reverse proxies (like Apache mod_proxy or Amazon EC2).
+     *
+     * @deprecated since version 3.3, to be removed in 4.0
      */
     protected static $trustedHeaders = array(
         self::HEADER_FORWARDED => 'FORWARDED',
@@ -210,6 +222,17 @@ class Request
     private $isHostValid = true;
     private $isClientIpsValid = true;
 
+    private static $trustedHeaderSet = -1;
+
+    /** @deprecated since version 3.3, to be removed in 4.0 */
+    private static $trustedHeaderNames = array(
+        self::HEADER_FORWARDED => 'FORWARDED',
+        self::HEADER_CLIENT_IP => 'X_FORWARDED_FOR',
+        self::HEADER_CLIENT_HOST => 'X_FORWARDED_HOST',
+        self::HEADER_CLIENT_PROTO => 'X_FORWARDED_PROTO',
+        self::HEADER_CLIENT_PORT => 'X_FORWARDED_PORT',
+    );
+
     /**
      * Constructor.
      *
@@ -548,11 +571,26 @@ public function overrideGlobals()
      *
      * You should only list the reverse proxies that you manage directly.
      *
-     * @param array $proxies A list of trusted proxies
+     * @param array $proxies          A list of trusted proxies
+     * @param int   $trustedHeaderSet A bit field of Request::HEADER_*, usually either Request::HEADER_FORWARDED or Request::HEADER_X_FORWARDED_ALL, to set which headers to trust from your proxies
+     *
+     * @throws \InvalidArgumentException When $trustedHeaderSet is invalid
      */
-    public static function setTrustedProxies(array $proxies)
+    public static function setTrustedProxies(array $proxies/*, int $trustedHeaderSet*/)
     {
         self::$trustedProxies = $proxies;
+
+        if (2 > func_num_args()) {
+            @trigger_error(sprintf('The %s() method expects a bit field of Request::HEADER_* as second argument. Not defining it is deprecated since version 3.3 and will be required in 4.0.', __METHOD__), E_USER_DEPRECATED);
+
+            return;
+        }
+        $trustedHeaderSet = func_get_arg(1);
+
+        foreach (self::$trustedHeaderNames as $header => $name) {
+            self::$trustedHeaders[$header] = $header & $trustedHeaderSet ? $name : null;
+        }
+        self::$trustedHeaderSet = $trustedHeaderSet;
     }
 
     /**
@@ -565,6 +603,16 @@ public static function getTrustedProxies()
         return self::$trustedProxies;
     }
 
+    /**
+     * Gets the set of trusted headers from trusted proxies.
+     *
+     * @return int A bit field of Request::HEADER_* that defines which headers are trusted from your proxies
+     */
+    public static function getTrustedHeaderSet()
+    {
+        return self::$trustedHeaderSet;
+    }
+
     /**
      * Sets a list of trusted host patterns.
      *
@@ -608,14 +656,22 @@ public static function getTrustedHosts()
      * @param string $value The header name
      *
      * @throws \InvalidArgumentException
+     *
+     * @deprecated since version 3.3, to be removed in 4.0. Use "X-Forwarded-*" headers or the "Forwarded" header defined in RFC7239, and the $trustedHeaderSet argument of the Request::setTrustedProxies() method instead.
      */
     public static function setTrustedHeaderName($key, $value)
     {
+        @trigger_error(sprintf('The "%s()" method is deprecated since version 3.3 and will be removed in 4.0. Use "X-Forwarded-*" headers or the "Forwarded" header defined in RFC7239, and the $trustedHeaderSet argument of the Request::setTrustedProxies() method instead.', __METHOD__), E_USER_DEPRECATED);
+
         if (!array_key_exists($key, self::$trustedHeaders)) {
             throw new \InvalidArgumentException(sprintf('Unable to set the trusted header name for key "%s".', $key));
         }
 
         self::$trustedHeaders[$key] = $value;
+
+        if (null !== $value) {
+            self::$trustedHeaderNames[$key] = $value;
+        }
     }
 
     /**
@@ -626,9 +682,15 @@ public static function setTrustedHeaderName($key, $value)
      * @return string The header name
      *
      * @throws \InvalidArgumentException
+     *
+     * @deprecated since version 3.3, to be removed in 4.0. Use the Request::getTrustedHeaderSet() method instead.
      */
     public static function getTrustedHeaderName($key)
     {
+        if (2 > func_num_args() || func_get_arg(1)) {
+            @trigger_error(sprintf('The "%s()" method is deprecated since version 3.3 and will be removed in 4.0. Use the Request::getTrustedHeaderSet() method instead.', __METHOD__), E_USER_DEPRECATED);
+        }
+
         if (!array_key_exists($key, self::$trustedHeaders)) {
             throw new \InvalidArgumentException(sprintf('Unable to get the trusted header name for key "%s".', $key));
         }
diff --git a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
diff --git a/src/Symfony/Component/HttpKernel/Fragment/InlineFragmentRenderer.php b/src/Symfony/Component/HttpKernel/Fragment/InlineFragmentRenderer.php
diff --git a/src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php b/src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php
diff --git a/src/Symfony/Component/HttpKernel/Tests/EventListener/ValidateRequestListenerTest.php b/src/Symfony/Component/HttpKernel/Tests/EventListener/ValidateRequestListenerTest.php
diff --git a/src/Symfony/Component/HttpKernel/Tests/Fragment/InlineFragmentRendererTest.php b/src/Symfony/Component/HttpKernel/Tests/Fragment/InlineFragmentRendererTest.php
diff --git a/src/Symfony/Component/HttpKernel/Tests/HttpCache/HttpCacheTest.php b/src/Symfony/Component/HttpKernel/Tests/HttpCache/HttpCacheTest.php
diff --git a/src/Symfony/Component/HttpKernel/Tests/HttpKernelTest.php b/src/Symfony/Component/HttpKernel/Tests/HttpKernelTest.php

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ public function testUsesRequestServerData()`
`36`	`36`
`37`	`37`	`public function testUseRequestClientIp()`
`38`	`38`	`{`
`39`		`- Request::setTrustedProxies(array('192.168.0.1'));`
	`39`	`+ Request::setTrustedProxies(array('192.168.0.1'), Request::HEADER_X_FORWARDED_ALL);`
`40`	`40`	`list($event, $server) = $this->createRequestEvent(array('X_FORWARDED_FOR' => '192.168.0.2'));`
`41`	`41`
`42`	`42`	`$processor = new WebProcessor();`
Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,9 @@ public function boot()`
`60`	`60`	`ErrorHandler::register(null, false)->throwAt($this->container->getParameter('debug.error_handler.throw_at'), true);`
`61`	`61`
`62`	`62`	`if ($trustedProxies = $this->container->getParameter('kernel.trusted_proxies')) {`
`63`		`- Request::setTrustedProxies($trustedProxies);`
	`63`	`+ @trigger_error('The "kernel.trusted_proxies" parameter is deprecated since version 3.3 and will be removed in 4.0. Use the Request::setTrustedProxies() method in your front controller instead.', E_USER_DEPRECATED);`
	`64`	`+`
	`65`	`+ Request::setTrustedProxies($trustedProxies, Request::getTrustedHeaderSet());`
`64`	`66`	`}`
`65`	`67`
`66`	`68`	`if ($this->container->getParameter('kernel.http_method_override')) {`
Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,7 @@ public function testDoNoDuplicateDefaultFormResources()`
`43`	`43`	`}`
`44`	`44`
`45`	`45`	`/**`
	`46`	`+ * @group legacy`
`46`	`47`	`* @dataProvider getTestValidTrustedProxiesData`
`47`	`48`	`*/`
`48`	`49`	`public function testValidTrustedProxies($trustedProxies, $processedProxies)`
`@@ -73,6 +74,7 @@ public function getTestValidTrustedProxiesData()`
`73`	`74`	`}`
`74`	`75`
`75`	`76`	`/**`
	`77`	`+ * @group legacy`
`76`	`78`	`* @expectedException \Symfony\Component\Config\Definition\Exception\InvalidConfigurationException`
`77`	`79`	`*/`
`78`	`80`	`public function testInvalidTypeTrustedProxies()`
`@@ -88,6 +90,7 @@ public function testInvalidTypeTrustedProxies()`
`88`	`90`	`}`
`89`	`91`
`90`	`92`	`/**`
	`93`	`+ * @group legacy`
`91`	`94`	`* @expectedException \Symfony\Component\Config\Definition\Exception\InvalidConfigurationException`
`92`	`95`	`*/`
`93`	`96`	`public function testInvalidValueTrustedProxies()`
Original file line number	Diff line number	Diff line change
`@@ -86,13 +86,6 @@ public function testCsrfProtectionForFormsEnablesCsrfProtectionAutomatically()`
`86`	`86`	`$this->assertTrue($container->hasDefinition('security.csrf.token_manager'));`
`87`	`87`	`}`
`88`	`88`
`89`		`- public function testProxies()`
`90`		`- {`
`91`		`- $container = $this->createContainerFromFile('full');`
`92`		`-`
`93`		`- $this->assertEquals(array('127.0.0.1', '10.0.0.1'), $container->getParameter('kernel.trusted_proxies'));`
`94`		`- }`
`95`		`-`
`96`	`89`	`public function testHttpMethodOverride()`
`97`	`90`	`{`
`98`	`91`	`$container = $this->createContainerFromFile('full');`