Internal: Add support for reverse proxies by taking the TRUSTED_PROXIES settings from .env into account

Author: ywarnier

.env.dist

@@ -19,7 +19,7 @@ DATABASE_PASSWORD='{{DATABASE_PASSWORD}}'
 APP_ENV='dev'
 APP_SECRET='{{APP_SECRET}}'
 APP_DEBUG='1'
-#TRUSTED_PROXIES=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+TRUSTED_PROXIES=127.0.0.1
 #TRUSTED_HOSTS='^(localhost|example\.com)$'
 ###< symfony/framework-bundle ###
 

config/packages/framework.yaml

@@ -18,6 +18,9 @@ framework:
     php_errors:
         log: true
     serializer: {enable_annotations: true}
+    trusted_proxies: '%env(TRUSTED_PROXIES)%'
+    trusted_headers: ['x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port']
+    # For legacy code (ending in ".php"), also edit public/main/inc/global.inc.php according to the changes you make here
 
 when@test:
     framework:

public/main/inc/global.inc.php

@@ -68,6 +68,13 @@
     $kernel = new Chamilo\Kernel($env, $debug);
     // Loading Request from Sonata. In order to use Sonata Pages Bundle.
     $request = Request::createFromGlobals();
+    if (!empty($_SERVER['TRUSTED_PROXIES'])) {
+        $request->setTrustedProxies(
+            preg_split('#,#', $_SERVER['TRUSTED_PROXIES']),
+            Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_PROTO | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT
+        );
+        // TRUSTED_PROXIES must be defined in .env. For non-legacy code, check config/packages/framework.yaml
+    }
     // This 'load_legacy' variable is needed to know that symfony is loaded using old style legacy mode,
     // and not called from a symfony controller from public/
     $request->request->set('load_legacy', true);