diff --git a/core/lib/Drupal/Core/StackMiddleware/ReverseProxyMiddleware.php b/core/lib/Drupal/Core/StackMiddleware/ReverseProxyMiddleware.php index e529f54..db8019b 100644 --- a/core/lib/Drupal/Core/StackMiddleware/ReverseProxyMiddleware.php +++ b/core/lib/Drupal/Core/StackMiddleware/ReverseProxyMiddleware.php @@ -60,6 +60,9 @@ public function handle(Request $request, $type = self::MASTER_REQUEST, $catch = $port_header = $this->settings->get('reverse_proxy_port_header', 'X_FORWARDED_PORT'); $request::setTrustedHeaderName($request::HEADER_CLIENT_PORT, $port_header); + $forwarded_header = $this->settings->get('reverse_proxy_forwarded_header', 'FORWARDED'); + $request::setTrustedHeaderName($request::HEADER_FORWARDED, $forwarded_header); + $proxies = $this->settings->get('reverse_proxy_addresses', array()); if (count($proxies) > 0) { $request::setTrustedProxies($proxies); diff --git a/core/tests/Drupal/Tests/Core/StackMiddleware/ReverseProxyMiddlewareTest.php b/core/tests/Drupal/Tests/Core/StackMiddleware/ReverseProxyMiddlewareTest.php index b5b71f2..df57290 100644 --- a/core/tests/Drupal/Tests/Core/StackMiddleware/ReverseProxyMiddlewareTest.php +++ b/core/tests/Drupal/Tests/Core/StackMiddleware/ReverseProxyMiddlewareTest.php @@ -36,14 +36,11 @@ public function setUp() { */ public function testNoProxy() { $settings = new Settings(array()); - $this->assertEquals(FALSE, $settings->get('reverse_proxy')); + $this->assertEquals(0, $settings->get('reverse_proxy')); $middleware = new ReverseProxyMiddleware($this->mockHttpKernel, $settings); // Mock a request object. - $request = $this->getMock('Symfony\Component\HttpFoundation\Request', array( - 'setTrustedHeaderName', - 'setTrustedProxies' - )); + $request = $this->getMock('Symfony\Component\HttpFoundation\Request', array('setTrustedHeaderName', 'setTrustedProxies')); // setTrustedHeaderName() should never fire. $request->expects($this->never()) ->method('setTrustedHeaderName'); @@ -57,54 +54,9 @@ public function testNoProxy() { * @dataProvider reverseProxyEnabledProvider */ public function testReverseProxyEnabled($provided_settings) { - // Enable reverse proxy and add test values. - $settings = new Settings(array('reverse_proxy' => 1) + $provided_settings); - $this->trustedHeadersAreSet($settings); - } - - /** - * Tests the ability of the http kernel to recognize that it is behind a - * crypto offloader. - */ - public function testCryptoOffload() { - $config = array( - 'reverse_proxy' => 1, - 'reverse_proxy_addresses' => array('127.0.0.2'), - ); - $settings = new Settings($config); - $request = new Request(); - $request->server->set('REMOTE_ADDR', '127.0.0.2'); - $request->headers->set('X_FORWARDED_PROTO', 'https'); - - $middleware = new ReverseProxyMiddleware($this->mockHttpKernel, $settings); - $middleware->handle($request); - - $this->assertTrue($request->isSecure()); - } - - /** - * Tests the ability of the http kernel to recognize that it is behind a - * crypto offloader. - */ - public function testBaseUrlAndPathRewrite() { - $config = array( - 'base_url' => 'http://test.base.url.and.path.rewrite.test', - 'reverse_proxy' => 1, - 'reverse_proxy_addresses' => array('127.0.0.2'), - ); - $settings = new Settings($config); - $request = new Request(); - $request->server->set('REQUEST_URI', '/'); - $request->server->set('REMOTE_ADDR', '127.0.0.2'); - $request->headers->set('X_FORWARDED_PROTO', 'https'); - $request->headers->set('X_FORWARDED_HOST', 'test.base.url.and.path.rewrite.test'); - - $middleware = new ReverseProxyMiddleware($this->mockHttpKernel, $settings); - $middleware->handle($request); - - $this->assertTrue($request->isSecure()); - $this->assertEquals('https://test.base.url.and.path.rewrite.test', $request->getSchemeAndHttpHost()); - $this->assertEquals('', $request->getBaseUrl()); + // Enable reverse proxy and add test values. + $settings = new Settings(array('reverse_proxy' => 1) + $provided_settings); + $this->trustedHeadersAreSet($settings); } /** @@ -114,15 +66,11 @@ public function reverseProxyEnabledProvider() { return array( array( array( - 'reverse_proxy_header' => 'HTTP_X_FORWARDED_FOR', - 'reverse_proxy_proto_header' => 'HTTP_X_FORWARDED_PROTO', - 'reverse_proxy_addresses' => array(), - ), - ), - array( - array( - 'reverse_proxy_header' => 'X_FORWARDED_HOST', - 'reverse_proxy_proto_header' => 'X_FORWARDED_PROTO', + 'reverse_proxy_header' => 'X_FORWARDED_FOR_CUSTOMIZED', + 'reverse_proxy_proto_header' => 'X_FORWARDED_PROTO_CUSTOMIZED', + 'reverse_proxy_host_header' => 'X_FORWARDED_HOST_CUSTOMIZED', + 'reverse_proxy_port_header' => 'X_FORWARDED_PORT_CUSTOMIZED', + 'reverse_proxy_forwarded_header' => 'FORWARDED_CUSTOMIZED', 'reverse_proxy_addresses' => array('127.0.0.2', '127.0.0.3'), ), ), @@ -146,6 +94,9 @@ protected function trustedHeadersAreSet(Settings $settings) { $middleware->handle($request); $this->assertSame($settings->get('reverse_proxy_header'), $request->getTrustedHeaderName($request::HEADER_CLIENT_IP)); $this->assertSame($settings->get('reverse_proxy_proto_header'), $request->getTrustedHeaderName($request::HEADER_CLIENT_PROTO)); + $this->assertSame($settings->get('reverse_proxy_host_header'), $request->getTrustedHeaderName($request::HEADER_CLIENT_HOST)); + $this->assertSame($settings->get('reverse_proxy_port_header'), $request->getTrustedHeaderName($request::HEADER_CLIENT_PORT)); + $this->assertSame($settings->get('reverse_proxy_forwarded_header'), $request->getTrustedHeaderName($request::HEADER_FORWARDED)); $this->assertSame($settings->get('reverse_proxy_addresses'), $request->getTrustedProxies()); } } diff --git a/sites/default/default.settings.php b/sites/default/default.settings.php index 7ecac78..6702ca6 100644 --- a/sites/default/default.settings.php +++ b/sites/default/default.settings.php @@ -369,25 +369,31 @@ * Set this value if your proxy server sends the client IP in a header * other than X-Forwarded-For. */ -# $settings['reverse_proxy_header'] = 'HTTP_X_CLUSTER_CLIENT_IP'; +# $settings['reverse_proxy_header'] = 'X_CLUSTER_CLIENT_IP'; /** * Set this value if your proxy server sends the client protocol in a header * other than X-Forwarded-Proto. */ -# $conf['reverse_proxy_proto_header'] = 'HTTP_X_FORWARDED_PROTO'; +# $settings['reverse_proxy_proto_header'] = 'X_FORWARDED_PROTO'; /** * Set this value if your proxy server sends the client protocol in a header * other than X-Forwarded-Host. */ -# $conf['reverse_proxy_host_header'] = 'HTTP_X_FORWARDED_HOST'; +# $settings['reverse_proxy_host_header'] = 'X_FORWARDED_HOST'; /** * Set this value if your proxy server sends the client protocol in a header * other than X-Forwarded-Port. */ -# $conf['reverse_proxy_port_header'] = 'HTTP_X_FORWARDED_PORT'; +# $settings['reverse_proxy_port_header'] = 'X_FORWARDED_PORT'; + +/** + * Set this value if your proxy server sends the client protocol in a header + * other than Forwarded. + */ +# $settings['reverse_proxy_forwarded_header'] = 'FORWARDED'; /** * Page caching: