Open justijndepover opened 3 years ago
The package automatically allows 0.0.0.0/0 which essentially would be the same as *
, no?
Can you help me understand a use case that works with *
only?
I'm relatively new to serverless so I'm not sure if I can provide much details.
In my case I have to overwrite the setting again or else my redirects, generated urls, asset urls, ... are all generated with the wrong domain.
In a brand new Laravel 8 installation, this package doesn't overwrite the trusted proxies configuration. The config @deleugpn mentioned only overrides the trusted proxy config, when the fideloper/TrustedProxy
is used. I guess this package was used prior to Laravel 5.something.
Someone faced this issue again today (see https://github.com/brefphp/bref/discussions/1159)
I backtraced the issue to this PR in laravel https://github.com/laravel/framework/pull/38295
Since laravel 8, they backported the Trustproxies middleware inside Laravel itself but dropped the possibility to configure it through config
In contrary to the original package, all configuration is done through overwriting properties
Not sure what is the proper Laravel way to handle this. Maybe we should just update the Bref documentation as it's done for Symfony ATM https://bref.sh/docs/frameworks/symfony.html#trust-api-gateway
@t-richard thanks a lot for tracking this!
Maybe our immediate option would be to document this then indeed. PRs are welcome!
@mnapoli actually someone already went ahead and opened a PR https://github.com/brefphp/bref/pull/1160
👍 it's merged and live: https://bref.sh/docs/frameworks/laravel.html#trusted-proxies
Hi
I have a case where the trusted proxies should allow all (
$proxies = '*';
). It seems that the package overwrites the config that's been set in theTrustProxies
middleware.My solution now is to overwrite the config again in the
AppServiceProvider
. Is this the preferred way?Shouldn't it be better to provide a
config/serverless.php
configuration file, and make that behaviour configurable?