trusted proxies gets overwritten

brefphp / laravel-bridge

Package to use Laravel on AWS Lambda with Bref

https://bref.sh/docs/frameworks/laravel.html

MIT License

319 stars 63 forks source link

trusted proxies gets overwritten #48

Open justijndepover opened 3 years ago

justijndepover commented 3 years ago

I have a case where the trusted proxies should allow all ($proxies = '*';). It seems that the package overwrites the config that's been set in the TrustProxies middleware.

My solution now is to overwrite the config again in the AppServiceProvider. Is this the preferred way?

Shouldn't it be better to provide a config/serverless.php configuration file, and make that behaviour configurable?

deleugpn commented 3 years ago

The package automatically allows 0.0.0.0/0 which essentially would be the same as *, no? Can you help me understand a use case that works with * only?

justijndepover commented 3 years ago

I'm relatively new to serverless so I'm not sure if I can provide much details.

In my case I have to overwrite the setting again or else my redirects, generated urls, asset urls, ... are all generated with the wrong domain.

buddhaCode commented 2 years ago

In a brand new Laravel 8 installation, this package doesn't overwrite the trusted proxies configuration. The config @deleugpn mentioned only overrides the trusted proxy config, when the fideloper/TrustedProxy is used. I guess this package was used prior to Laravel 5.something.

t-richard commented 2 years ago

Someone faced this issue again today (see https://github.com/brefphp/bref/discussions/1159)

I backtraced the issue to this PR in laravel https://github.com/laravel/framework/pull/38295

Since laravel 8, they backported the Trustproxies middleware inside Laravel itself but dropped the possibility to configure it through config

In contrary to the original package, all configuration is done through overwriting properties

Not sure what is the proper Laravel way to handle this. Maybe we should just update the Bref documentation as it's done for Symfony ATM https://bref.sh/docs/frameworks/symfony.html#trust-api-gateway

mnapoli commented 2 years ago

@t-richard thanks a lot for tracking this!

Maybe our immediate option would be to document this then indeed. PRs are welcome!

t-richard commented 2 years ago

@mnapoli actually someone already went ahead and opened a PR https://github.com/brefphp/bref/pull/1160

mnapoli commented 2 years ago

👍 it's merged and live: https://bref.sh/docs/frameworks/laravel.html#trusted-proxies