Ensure trusted proxies are set before calling Request::isSecure() [#2303735]

From what I can tell the reverse_proxy settings are not wired up yet. Attached is a patch that uses them in DrupalKernel::initializeRequestGlobals().

It is just adding the small snippet below:

      // Initialize proxy settings.
      if (Settings::get('reverse_proxy', FALSE)) {
        $proxies = Settings::get('reverse_proxy_addresses', array());
        if (count($proxies) > 0) {
          Request::setTrustedProxies($proxies);
        }
      }

Comment	File	Size	Author
	DrupalKernel.php_.patch	839 bytes	judahtanthony

Comments

Comment #1

dawehner

German

commented 16 July 2014 at 08:11

Issue tags:

+Needs tests

See \Drupal\Core\EventSubscriber\ReverseProxySubscriber ... so are you sure that we need this?

Maybe we do have to adapt the priority of this listener or actually implement it with stackphp.
Given that this is a bug we should consider to write a test, if it really does not work.

Comment #2

bzrudi71 commented 16 July 2014 at 08:39

Comment #3

judahtanthony commented 31 July 2014 at 15:19

The reason I put it here was because you have to know that you are behind a proxy before you call $request->isSecure() as the proxy can terminate the SSL connection, and just passes on a header to flag it as a secure connection. $request->isSecure() correctly looks for the header, but it needs to be informed first.

Comment #4

alexpott

he/they

English

🇪🇺🌍

commented 9 August 2014 at 19:53

Title:	Initialize proxy inform with reverse_proxy and reverse_proxy_addresses	» Ensure trusted proxies are set before calling Request::isSecure()
Issue tags:		+Needs issue summary update

Nice find.