setTrustedHeaderName() public static method

The following header keys are supported: * Request::HEADER_CLIENT_IP: defaults to X-Forwarded-For (see getClientIp()) * Request::HEADER_CLIENT_HOST: defaults to X-Forwarded-Host (see getHost()) * Request::HEADER_CLIENT_PORT: defaults to X-Forwarded-Port (see getPort()) * Request::HEADER_CLIENT_PROTO: defaults to X-Forwarded-Proto (see getScheme() and isSecure()) Setting an empty value allows to disable the trusted header for the given key.
public static setTrustedHeaderName ( string $key, string $value )
$key string The header key
$value string The header name
Example #1
0
 /**
  * @expectedException \InvalidArgumentException
  */
 public function testSetTrustedProxiesInvalidHeaderName()
 {
     Request::create('http://example.com/');
     Request::setTrustedHeaderName('bogus name', 'X_MY_FOR');
 }
 public function testTrustedProxies()
 {
     $request = Request::create('http://example.com/');
     $request->server->set('REMOTE_ADDR', '3.3.3.3');
     $request->headers->set('X_FORWARDED_FOR', '1.1.1.1, 2.2.2.2');
     $request->headers->set('X_FORWARDED_HOST', 'foo.example.com, real.example.com:8080');
     $request->headers->set('X_FORWARDED_PROTO', 'https');
     $request->headers->set('X_FORWARDED_PORT', 443);
     $request->headers->set('X_MY_FOR', '3.3.3.3, 4.4.4.4');
     $request->headers->set('X_MY_HOST', 'my.example.com');
     $request->headers->set('X_MY_PROTO', 'http');
     $request->headers->set('X_MY_PORT', 81);
     // no trusted proxies
     $this->assertEquals('3.3.3.3', $request->getClientIp());
     $this->assertEquals('example.com', $request->getHost());
     $this->assertEquals(80, $request->getPort());
     $this->assertFalse($request->isSecure());
     // disabling proxy trusting
     Request::setTrustedProxies(array());
     $this->assertEquals('3.3.3.3', $request->getClientIp());
     $this->assertEquals('example.com', $request->getHost());
     $this->assertEquals(80, $request->getPort());
     $this->assertFalse($request->isSecure());
     // trusted proxy via setTrustedProxies()
     Request::setTrustedProxies(array('3.3.3.3', '2.2.2.2'));
     $this->assertEquals('1.1.1.1', $request->getClientIp());
     $this->assertEquals('real.example.com', $request->getHost());
     $this->assertEquals(443, $request->getPort());
     $this->assertTrue($request->isSecure());
     // custom header names
     Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, 'X_MY_FOR');
     Request::setTrustedHeaderName(Request::HEADER_CLIENT_HOST, 'X_MY_HOST');
     Request::setTrustedHeaderName(Request::HEADER_CLIENT_PORT, 'X_MY_PORT');
     Request::setTrustedHeaderName(Request::HEADER_CLIENT_PROTO, 'X_MY_PROTO');
     $this->assertEquals('4.4.4.4', $request->getClientIp());
     $this->assertEquals('my.example.com', $request->getHost());
     $this->assertEquals(81, $request->getPort());
     $this->assertFalse($request->isSecure());
     // disabling via empty header names
     Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, null);
     Request::setTrustedHeaderName(Request::HEADER_CLIENT_HOST, null);
     Request::setTrustedHeaderName(Request::HEADER_CLIENT_PORT, null);
     Request::setTrustedHeaderName(Request::HEADER_CLIENT_PROTO, null);
     $this->assertEquals('3.3.3.3', $request->getClientIp());
     $this->assertEquals('example.com', $request->getHost());
     $this->assertEquals(80, $request->getPort());
     $this->assertFalse($request->isSecure());
     // reset
     Request::setTrustedProxies(array());
     Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, 'X_FORWARDED_FOR');
     Request::setTrustedHeaderName(Request::HEADER_CLIENT_HOST, 'X_FORWARDED_HOST');
     Request::setTrustedHeaderName(Request::HEADER_CLIENT_PORT, 'X_FORWARDED_PORT');
     Request::setTrustedHeaderName(Request::HEADER_CLIENT_PROTO, 'X_FORWARDED_PROTO');
 }
 public function testESIHeaderIsKeptInSubrequestWithTrustedHeaderDisabled()
 {
     $trustedHeaderName = Request::getTrustedHeaderName(Request::HEADER_CLIENT_IP);
     Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, '');
     $this->testESIHeaderIsKeptInSubrequest();
     Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, $trustedHeaderName);
 }
<?php

use Shopware\Components\HttpCache\AppCache;
use Symfony\Component\HttpFoundation\Request;
/**
 * @var Composer\Autoload\ClassLoader
 */
$loader = (require __DIR__ . '/../app/autoload.php');
$environment = getenv('SHOPWARE_ENV');
$kernel = new AppKernel($environment, $environment !== 'production');
if ($kernel->isHttpCacheEnabled()) {
    $kernel = new AppCache($kernel, $kernel->getHttpCacheConfig());
}
$request = Request::createFromGlobals();
// Trust the heroku load balancer
// see: https://devcenter.heroku.com/articles/getting-started-with-symfony#trusting-the-load-balancer
Request::setTrustedProxies([$request->server->get('REMOTE_ADDR')]);
Request::setTrustedHeaderName(Request::HEADER_FORWARDED, null);
$response = $kernel->handle($request);
$response->send();