Added note about trusted proxies and hosts #586
Nyholm wants to merge 2 commits into brefphp:master
| If your application needs the user's IP you must fetch it from the `LAMBDA_CONTEXT` variable. | ||
| Modify `public/index.php` accordingly. | ||
|
|
||
| ```diff |
| environment: | ||
| APP_ENV: prod | ||
| TRUSTED_PROXIES: '127.0.0.1' | ||
| TRUSTED_HOSTS: '^api\.example\.com$' |
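Review bot: the `environment:` block sets `TRUSTED_PROXIES: '127.0.0.1'` and `TRUSTED_HOSTS: '^api\.example\.com$'` without saying what reads them or what the values mean. Add a sentence stating where the application picks these variables up, that `TRUSTED_HOSTS` is a regular expression the reader has to replace with their own domain, and why `127.0.0.1` is the address to trust in this setup, since a trusted-proxy entry decides whose forwarded headers the application believes.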
Where are these environment variables used? I can't see them in the diff.
They are used in the Symfony default index.php
https://github.com/symfony/recipes/blob/master/symfony/framework-bundle/5.1/public/index.php
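What the two settings from the diff control, as an added example (not code from this PR, Bref or Symfony): a simplified plain-PHP model of a trusted-proxy client-IP lookup and a trusted-host check. The function names and sample requests are constructed for illustration, and the logic is an assumption about the general technique, not the framework's implementation.

```php
<?php
declare(strict_types=1);

// Values mirror the environment block in the diff.
$trustedProxies = explode(',', '127.0.0.1');   // TRUSTED_PROXIES
$trustedHostPattern = '^api\.example\.com$';   // TRUSTED_HOSTS (a regular expression)

/** Returns the client IP, honouring X-Forwarded-For only when the direct peer is trusted. */
function clientIp(string $remoteAddr, ?string $xForwardedFor, array $trustedProxies): string
{
    // The header is client-controlled unless a trusted proxy is the one that sent it.
    if ($xForwardedFor === null || !in_array($remoteAddr, $trustedProxies, true)) {
        return $remoteAddr;
    }
    $chain = array_map('trim', explode(',', $xForwardedFor));
    $chain[] = $remoteAddr;
    // Walk from the nearest hop outwards; the first untrusted address is the client.
    foreach (array_reverse($chain) as $ip) {
        if (!in_array($ip, $trustedProxies, true)) {
            return $ip;
        }
    }
    return $remoteAddr; // every hop was a trusted proxy
}

/** Returns true when the Host header matches the configured pattern (case-insensitive). */
function hostIsTrusted(string $host, string $pattern): bool
{
    return preg_match('{' . $pattern . '}i', $host) === 1;
}

// Constructed sample requests: [direct peer, X-Forwarded-For, Host header].
// 203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges.
$cases = [
    ['127.0.0.1',    '203.0.113.7',           'api.example.com'],  // forwarded by the trusted proxy
    ['198.51.100.9', '203.0.113.7',           'api.example.com'],  // untrusted peer sends its own header
    ['127.0.0.1',    '10.0.0.1, 203.0.113.7', 'evil.example.net'], // extra left-most entry, wrong Host
];

foreach ($cases as [$peer, $xff, $host]) {
    printf(
        "peer=%-13s xff=%-22s client_ip=%-13s host_trusted=%s\n",
        $peer,
        $xff,
        clientIp($peer, $xff, $trustedProxies),
        hostIsTrusted($host, $trustedHostPattern) ? 'yes' : 'no'
    );
}
```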
Oh I think I understand from the diff above:
> That could be done with [environment variables](#Environment variables) or by running these lines in `public/index.php`.

Simply setting those variables is enough? I would say that it's better to document one solution, it is simpler and less confusing. The env vars seem quite simple to set up (compared to editing Symfony code), what do you think?
Thanks for the link, turns out we commented at the same time.
What do you think about recommending only the environment variables? (for simplicity)
| ## Getting the user's IP | ||
|
|
||
| If your application needs the user's IP you must fetch it from the `LAMBDA_CONTEXT` variable. | ||
| Modify `public/index.php` accordingly. |
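Review bot: "Modify `public/index.php` accordingly" under "Getting the user's IP" does not tell the reader what to change. Show the lines to add, including which key of `LAMBDA_CONTEXT` holds the address, so readers do not have to guess at the structure of that variable.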
Would it make sense to forward those values automatically in Bref itself?
I.e. maybe (not sure) set a header with the value that is in the lambda context?
Many of these solutions were discussed in #501
However, I do think it makes sense to cherry-pick useful variables. I.e. creating LAMBDA_CONTEXT_IDENTITY_SOURCEIP
Right, but beyond #501 (which is about the request context containing many things), I'm focusing especially on HTTP-related stuff here: if we have the clients' IP address, we could maybe "fix" the HTTP headers (in the FPM runtime only) so that they contain the correct values out of the box?
Closing for now (closing all stuck issues/PR from the tracker to better track the ongoing work).
Trusted proxies are for:
Trusted hosts are for:
This update is probably needed for Laravel too. I leave that for someone else to contribute.