There are circumstances when client IPs need to be used in an access control method. The current priority value causes ReverseProxyHeaderClientIpRestore::onRequest to run after both Symfony\Component\HttpKernel\EventListener\RouterListener::onKernelRequest and Drupal\Core\EventSubscriber\AuthenticationSubscriber::getSubscribedEvents
hook_ENTITY_TYPE_access() and set a breakpoint or diagnostic statement in the functionif (!$reverse_proxy_header_name) in ReverseProxyHeaderClientIpRestore::onRequestObserve that the hook_ENTITY_TYPE_access() implementation runs before this module can set the client IP.
Increase the priority of the event response so that it preceeds these other event responses. AuthenticationSubscriber runs at priority 300.
None.
None.
None.
None.
Show commandsStart within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
changes, plain diff MR !2
Comments
Comment #3
bohartThanks for the merge request and great details on both issue description and code comments!
The only thing I am confused about is: what happened if someone/sometimes needs to put something between ReverseProxyHeaderClientIpRestore::onRequest (priority 301) and AuthenticationSubscriber::onRequest (priority 300)?
So I would like to propose to have priority like 350/400.
How do we feel about that?
Thanks!
Comment #4
fathershawnThat sounds like a fine idea
Comment #7
bohartCommitted to 1.0.x dev branch.
It will be a part of the next release (1.0.1).
Thanks!