Open PauluzzNL opened 2 years ago
@paragonie-security I've thought about your suggestion and played around a bit but I think there's several approaches that I wanted to check with you first.
Especially for the IP filtering for CloudFlare, there's multiple options:
or
in that case there's also two options:
Could you share with me your preferences?
The library's default is to have the HMAC IP check enabled. This gives issues with sites that run through CloudFlare as the remote IP that CloudFlare connects from is different through requests. Thus this could result in an invalid request already if you have a page open for 2 minutes.
The added functionality adds support for the CloudFlare connecting IP and other commonly used proxy methods. With these changes you can continue to use the HMAC check through CloudFlare/proxies.