Trust CodeFirst reverse proxy

2024-06-07 20:02:24 +02:00
parent 5a8c01e6ef
commit bef107c9b0
3 changed files with 4 additions and 1 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -61,6 +61,7 @@ steps:
      CODEFIRST_CLIENTDRONE_ENV_SERVER_NAME: http://codefirst.iut.uca.fr
      CODEFIRST_CLIENTDRONE_ENV_CORS_ALLOW_ORIGIN: https://codefirst.iut.uca.fr
      CODEFIRST_CLIENTDRONE_ENV_ASSETS_BASE_PATH: /containers/clementfreville2-herbarium
+      CODEFIRST_CLIENTDRONE_ENV_TRUSTED_PROXIES: REMOTE_ADDR
    depends_on:
      - docker-image
    when:
--- a/config/packages/framework.yaml
+++ b/config/packages/framework.yaml
@@ -5,7 +5,7 @@ framework:

    assets:
        base_path: '%env(ASSETS_BASE_PATH)%'
-    trusted_proxies: '127.0.0.1,private_ranges'
+    trusted_proxies: '%env(TRUSTED_PROXIES)%'
    trusted_headers: ['x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port', 'x-forwarded-prefix']

    # Note that the session will be started ONLY if you read or write from it.
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -4,6 +4,8 @@
 # Put parameters here that don't need to change on each machine where the app is deployed
 # https://symfony.com/doc/current/best_practices.html#use-parameters-for-application-configuration
 parameters:
+    trusted_proxies: '%env(TRUSTED_PROXIES)%'
+    env(TRUSTED_PROXIES): 127.0.0.1

 services:
    # default configuration for services in *this* file