mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-21 09:35:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Allow users to set trusted proxies for header override.

Browse source 
This should fix issue #145.
This commit is contained in:
Jan Böhmer 2022-07-17 22:47:30 +02:00
parent 7a14fb60d3
commit 9cc4226726
2 changed files with 11 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

9
config/packages/framework.yaml
View file

@ -4,6 +4,15 @@ framework:
csrf_protection: true
http_method_override: false
# Allow users to configure trusted hosts via .env variables
# see https://symfony.com/doc/current/reference/configuration/framework.html#trusted-hosts
trusted_hosts: '%env(TRUSTED_HOSTS)%'
# Allow users to configure reverse proxies via .env variables. Default values are defined in parameters.yaml.
trusted_proxies: '%env(TRUSTED_PROXIES)%'
# Trust all headers by default. X-Forwared-Host can be a security risk if your reverse proxy doesn't set it.
trusted_headers: ['x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port', 'x-forwarded-prefix']
# Enables session support. Note that the session will ONLY be started if you read or write from it.
# Remove or comment this section to explicitly disable session support.
session:

3
config/parameters.yaml
View file

@ -50,4 +50,5 @@ parameters:
env(DEMO_MODE): 0
env(ALLOW_ATTACHMENT_DOWNLOADS): 0
env(TRUSTED_PROXIES): '127.0.0.1' #By default trust only our own server
env(TRUSTED_HOSTS): '' # Trust all host names by default