Allow for ** wildcard to trust all proxies in a chain of proxies
This reinstates the behaviour originally present in fideloper/trustedproxy where setting ** as the value for app.trustedProxies would allow all proxies vs * which would only allow the most recent one in a chain of proxies (as determined by $_SERVER['REMOTE_ADDR']). See fideloper/TrustedProxy@6018dfb for when & why it was originally added.

The '**' wildcard was removed in v4 of that package (fideloper/TrustedProxy@1d09591) with no explanation and was never added back in when Laravel merged it into the core in laravel/framework#38295.

This causes problems for environments where you have multiple proxies in a chain (i.e. Amazon CloudFront in front of Amazon ELB). These problems are documented in fideloper/TrustedProxy#115 & fideloper/TrustedProxy#107, and spawned fideloper/TrustedProxy#142 & https://github.com/ge-tracker/laravel-vapor-trusted-proxies to resolve them.

Ultimately, this commit serves to reintroduce the original behaviour of fideloper/trustedproxy v3 and make it so that you can use `**` as the value for app.trustProxies in order to get the correct client IP address when running Winter on Laravel Vapor.
LukeTowers authored Aug 4, 2022
1 parent 444c099 commit 411695b
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions src/Foundation/Http/Middleware/CheckForTrustedProxies.php
Expand Up @@ -98,6 +98,12 @@ protected function setTrustedProxies(Request $request)
]);
return;
}

// If all proxies are allowed, open the floodgates
if ($proxies === '**') {
$this->allowProxies($request, ['0.0.0.0/0', '2000:0:0:0:0:0:0:0/3']);
return;
}

// Support comma-separated strings as well as arrays
$proxies = (is_string($proxies))
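Review bot: The comment "open the floodgates" above the `$proxies === '**'` branch does not say what trusting `0.0.0.0/0` means for the application. With every hop trusted, the client IP is taken from forwarded headers that any sender can set, so this value is only sound when the origin accepts traffic solely from the proxy chain (the CloudFront in front of ELB case from the commit message). Please state that constraint in the comment and in the documentation for the config key. Two smaller points in the same branch: `2000:0:0:0:0:0:0:0/3` covers only global unicast IPv6, so a proxy on a unique local, link-local or loopback IPv6 address is not trusted even though the IPv4 side trusts everything; if "all proxies" is the intent, say why the IPv6 range is narrower or widen it. And because the strict comparison runs before the comma-separated string and array handling that follows, a value such as `['**']` or a string containing `**` among other entries will not reach this branch; either document that `**` must be the sole string value or handle those forms.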