Chris@0
|
1 <?php
|
Chris@0
|
2
|
Chris@0
|
3 namespace Drupal\Core\StackMiddleware;
|
Chris@0
|
4
|
Chris@0
|
5 use Drupal\Core\Site\Settings;
|
Chris@0
|
6 use Symfony\Component\HttpFoundation\Request;
|
Chris@0
|
7 use Symfony\Component\HttpKernel\HttpKernelInterface;
|
Chris@0
|
8
|
Chris@0
|
9 /**
|
Chris@0
|
10 * Provides support for reverse proxies.
|
Chris@0
|
11 */
|
Chris@0
|
12 class ReverseProxyMiddleware implements HttpKernelInterface {
|
Chris@0
|
13
|
Chris@0
|
14 /**
|
Chris@0
|
15 * The decorated kernel.
|
Chris@0
|
16 *
|
Chris@0
|
17 * @var \Symfony\Component\HttpKernel\HttpKernelInterface
|
Chris@0
|
18 */
|
Chris@0
|
19 protected $httpKernel;
|
Chris@0
|
20
|
Chris@0
|
21 /**
|
Chris@0
|
22 * The site settings.
|
Chris@0
|
23 *
|
Chris@0
|
24 * @var \Drupal\Core\Site\Settings
|
Chris@0
|
25 */
|
Chris@0
|
26 protected $settings;
|
Chris@0
|
27
|
Chris@0
|
28 /**
|
Chris@0
|
29 * Constructs a ReverseProxyMiddleware object.
|
Chris@0
|
30 *
|
Chris@0
|
31 * @param \Symfony\Component\HttpKernel\HttpKernelInterface $http_kernel
|
Chris@0
|
32 * The decorated kernel.
|
Chris@0
|
33 * @param \Drupal\Core\Site\Settings $settings
|
Chris@0
|
34 * The site settings.
|
Chris@0
|
35 */
|
Chris@0
|
36 public function __construct(HttpKernelInterface $http_kernel, Settings $settings) {
|
Chris@0
|
37 $this->httpKernel = $http_kernel;
|
Chris@0
|
38 $this->settings = $settings;
|
Chris@0
|
39 }
|
Chris@0
|
40
|
Chris@0
|
41 /**
|
Chris@0
|
42 * {@inheritdoc}
|
Chris@0
|
43 */
|
Chris@0
|
44 public function handle(Request $request, $type = self::MASTER_REQUEST, $catch = TRUE) {
|
Chris@0
|
45 // Initialize proxy settings.
|
Chris@0
|
46 static::setSettingsOnRequest($request, $this->settings);
|
Chris@0
|
47 return $this->httpKernel->handle($request, $type, $catch);
|
Chris@0
|
48 }
|
Chris@0
|
49
|
Chris@0
|
50 /**
|
Chris@0
|
51 * Sets reverse proxy settings on Request object.
|
Chris@0
|
52 *
|
Chris@0
|
53 * @param \Symfony\Component\HttpFoundation\Request $request
|
Chris@0
|
54 * A Request instance.
|
Chris@0
|
55 * @param \Drupal\Core\Site\Settings $settings
|
Chris@0
|
56 * The site settings.
|
Chris@0
|
57 */
|
Chris@0
|
58 public static function setSettingsOnRequest(Request $request, Settings $settings) {
|
Chris@0
|
59 // Initialize proxy settings.
|
Chris@0
|
60 if ($settings->get('reverse_proxy', FALSE)) {
|
Chris@0
|
61 $proxies = $settings->get('reverse_proxy_addresses', []);
|
Chris@0
|
62 if (count($proxies) > 0) {
|
Chris@18
|
63 $deprecated_settings = [
|
Chris@18
|
64 'reverse_proxy_header' => Request::HEADER_X_FORWARDED_FOR,
|
Chris@18
|
65 'reverse_proxy_proto_header' => Request::HEADER_X_FORWARDED_PROTO,
|
Chris@18
|
66 'reverse_proxy_host_header' => Request::HEADER_X_FORWARDED_HOST,
|
Chris@18
|
67 'reverse_proxy_port_header' => Request::HEADER_X_FORWARDED_PORT,
|
Chris@18
|
68 'reverse_proxy_forwarded_header' => Request::HEADER_FORWARDED,
|
Chris@18
|
69 ];
|
Chris@18
|
70
|
Chris@18
|
71 $all = $settings->getAll();
|
Chris@18
|
72 // Set the default value. This is the most relaxed setting possible and
|
Chris@18
|
73 // not recommended for production.
|
Chris@18
|
74 $trusted_header_set = Request::HEADER_X_FORWARDED_ALL | Request::HEADER_FORWARDED;
|
Chris@18
|
75 foreach ($deprecated_settings as $deprecated_setting => $bit_value) {
|
Chris@18
|
76 if (array_key_exists($deprecated_setting, $all)) {
|
Chris@18
|
77 @trigger_error(sprintf("The '%s' setting in settings.php is deprecated in Drupal 8.7.0 and will be removed before Drupal 9.0.0. Use the 'reverse_proxy_trusted_headers' setting instead. See https://www.drupal.org/node/3030558", $deprecated_setting), E_USER_DEPRECATED);
|
Chris@18
|
78 $request::setTrustedHeaderName($bit_value, $all[$deprecated_setting]);
|
Chris@18
|
79 if ($all[$deprecated_setting] === NULL) {
|
Chris@18
|
80 // If the value is NULL do not trust the header.
|
Chris@18
|
81 $trusted_header_set &= ~$bit_value;
|
Chris@18
|
82 }
|
Chris@18
|
83 }
|
Chris@18
|
84 }
|
Chris@18
|
85
|
Chris@18
|
86 $request::setTrustedProxies(
|
Chris@18
|
87 $proxies,
|
Chris@18
|
88 $settings->get('reverse_proxy_trusted_headers', $trusted_header_set)
|
Chris@18
|
89 );
|
Chris@0
|
90 }
|
Chris@0
|
91 }
|
Chris@0
|
92 }
|
Chris@0
|
93
|
Chris@0
|
94 }
|