From e23a1d284f134bfce258cf736ea8667a407ba50c Mon Sep 17 00:00:00 2001 From: Taylor Otwell Date: Wed, 29 Mar 2017 10:05:16 -0500 Subject: [PATCH] add trust proxy middleware --- app/Http/Kernel.php | 1 + app/Http/Middleware/EncryptCookies.php | 4 ++-- app/Http/Middleware/TrimStrings.php | 4 ++-- app/Http/Middleware/TrustProxies.php | 29 +++++++++++++++++++++++++ app/Http/Middleware/VerifyCsrfToken.php | 4 ++-- composer.json | 9 ++++---- 6 files changed, 41 insertions(+), 10 deletions(-) create mode 100644 app/Http/Middleware/TrustProxies.php diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index 66d34c3d..93bf68bf 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -18,6 +18,7 @@ class Kernel extends HttpKernel \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class, \App\Http\Middleware\TrimStrings::class, \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class, + \App\Http\Middleware\TrustProxies::class, ]; /** diff --git a/app/Http/Middleware/EncryptCookies.php b/app/Http/Middleware/EncryptCookies.php index 3aa15f8d..033136ad 100644 --- a/app/Http/Middleware/EncryptCookies.php +++ b/app/Http/Middleware/EncryptCookies.php @@ -2,9 +2,9 @@ namespace App\Http\Middleware; -use Illuminate\Cookie\Middleware\EncryptCookies as BaseEncrypter; +use Illuminate\Cookie\Middleware\EncryptCookies as Middleware; -class EncryptCookies extends BaseEncrypter +class EncryptCookies extends Middleware { /** * The names of the cookies that should not be encrypted. diff --git a/app/Http/Middleware/TrimStrings.php b/app/Http/Middleware/TrimStrings.php index 943e9a4d..5a50e7b5 100644 --- a/app/Http/Middleware/TrimStrings.php +++ b/app/Http/Middleware/TrimStrings.php @@ -2,9 +2,9 @@ namespace App\Http\Middleware; -use Illuminate\Foundation\Http\Middleware\TrimStrings as BaseTrimmer; +use Illuminate\Foundation\Http\Middleware\TrimStrings as Middleware; -class TrimStrings extends BaseTrimmer +class TrimStrings extends Middleware { /** * The names of the attributes that should not be trimmed. diff --git a/app/Http/Middleware/TrustProxies.php b/app/Http/Middleware/TrustProxies.php new file mode 100644 index 00000000..801cf454 --- /dev/null +++ b/app/Http/Middleware/TrustProxies.php @@ -0,0 +1,29 @@ + 'FORWARDED', + Request::HEADER_CLIENT_IP => 'X_FORWARDED_FOR', + Request::HEADER_CLIENT_HOST => 'X_FORWARDED_HOST', + Request::HEADER_CLIENT_PORT => 'X_FORWARDED_PORT', + Request::HEADER_CLIENT_PROTO => 'X_FORWARDED_PROTO', + ]; +} diff --git a/app/Http/Middleware/VerifyCsrfToken.php b/app/Http/Middleware/VerifyCsrfToken.php index a2c35414..0c13b854 100644 --- a/app/Http/Middleware/VerifyCsrfToken.php +++ b/app/Http/Middleware/VerifyCsrfToken.php @@ -2,9 +2,9 @@ namespace App\Http\Middleware; -use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier; +use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware; -class VerifyCsrfToken extends BaseVerifier +class VerifyCsrfToken extends Middleware { /** * The URIs that should be excluded from CSRF verification. diff --git a/composer.json b/composer.json index 5bb4dc0c..78354e16 100644 --- a/composer.json +++ b/composer.json @@ -5,14 +5,15 @@ "license": "MIT", "type": "project", "require": { - "php": ">=5.6.4", - "laravel/framework": "5.4.*", - "laravel/tinker": "~1.0" + "php": ">=7.0.0", + "laravel/framework": "5.5.*", + "laravel/tinker": "~1.0", + "fideloper/proxy": "~3.3" }, "require-dev": { "fzaninotto/faker": "~1.4", "mockery/mockery": "0.9.*", - "phpunit/phpunit": "~5.0" + "phpunit/phpunit": "~6.0" }, "autoload": { "classmap": [