Make Request::isFromTrustedProxy() public. #18197
Conversation
Also add documentation so we know what it can be used for.
|
Can you explain the use case where it is important to determine if the request came from a trusted proxy? This method is already used in several places in the |
|
I'm using this to determine whether to trust a custom More concretely, we have a small middleware plugin for Laravel which sets the root URL for the application: class ProxiedBaseUrlMiddleware
{
public function handle($request, Closure $next)
{
$request = CustomRequest::createFromBase($request);
$baseUrl = $request->maybeGetProxiedBaseUrl();
if ($baseUrl) \URL::forceRootUrl($baseUrl);
return $next($request);
}
}And class CustomRequest extends IlluminateRequest
{
public function maybeGetProxiedBaseUrl()
{
$isFromTrustedProxy = self::$trustedProxies && IpUtils::checkIp($this->server->get('REMOTE_ADDR'), self::$trustedProxies);
/* $this->isFromTrustedProxy() is private... */
if ($isFromTrustedProxy) return $this->headers->get('X-Base-Url');
else return null;
}
}Here, |
|
A slightly longer explanation can be found in my blog post about how we're using this plugin. |
|
👍 |
|
👍 Status: Reviewed |
|
Thank you @sjamaan. |
This PR was merged into the 3.1-dev branch. Discussion ---------- Make Request::isFromTrustedProxy() public. | Q | A | ------------- | --- | Branch | master | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | | License | MIT | Doc PR | When adding custom headers to your proxy (in our particular case, a `X-Base-Url` header, but it could be anything), it is necessary to be able to tell whether the request came from a trusted proxy or not. Unfortunately, currently the `isFromTrustedProxy()` method is private, which means you'll need to subclass `Request` and add your own *differently named* method just to be able to access this information. This functionality is pretty straightforward, and I don't see a reason to keep this method private so this a trivial pull request to make it public (and it adds a comment so it'll show up in the API docs with proper documentation). Commits ------- 286f64f Make Request::isFromTrustedProxy() public.
When adding custom headers to your proxy (in our particular case, a
X-Base-Urlheader, but it could be anything), it is necessary to be able to tell whether the request came from a trusted proxy or not. Unfortunately, currently theisFromTrustedProxy()method is private, which means you'll need to subclassRequestand add your own differently named method just to be able to access this information.This functionality is pretty straightforward, and I don't see a reason to keep this method private so this a trivial pull request to make it public (and it adds a comment so it'll show up in the API docs with proper documentation).