symfony
diff --git a/‎UPGRADE-5.3.md
Copy file name to clipboard
+12Lines changed: 12 additions & 0 deletions b/‎UPGRADE-5.3.md
Copy file name to clipboard
+12Lines changed: 12 additions & 0 deletions
diff --git a/‎UPGRADE-6.0.md
Copy file name to clipboardExpand all lines: UPGRADE-6.0.md
+2Lines changed: 2 additions & 0 deletions b/‎UPGRADE-6.0.md
Copy file name to clipboardExpand all lines: UPGRADE-6.0.md
+2Lines changed: 2 additions & 0 deletions
diff --git a/‎src/Symfony/Bridge/Monolog/Tests/Processor/WebProcessorTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bridge/Monolog/Tests/Processor/WebProcessorTest.php
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bridge/Monolog/Tests/Processor/WebProcessorTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bridge/Monolog/Tests/Processor/WebProcessorTest.php
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
+6Lines changed: 6 additions & 0 deletions b/‎src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
+6Lines changed: 6 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
+2-1Lines changed: 2 additions & 1 deletion b/‎src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
+2-1Lines changed: 2 additions & 1 deletion
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
+3-3Lines changed: 3 additions & 3 deletions b/‎src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
+3-3Lines changed: 3 additions & 3 deletions
diff --git a/‎src/Symfony/Component/HttpFoundation/CHANGELOG.md
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/CHANGELOG.md
+5Lines changed: 5 additions & 0 deletions b/‎src/Symfony/Component/HttpFoundation/CHANGELOG.md
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/CHANGELOG.md
+5Lines changed: 5 additions & 0 deletions
diff --git a/‎src/Symfony/Component/HttpFoundation/Request.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Request.php
+15-10Lines changed: 15 additions & 10 deletions b/‎src/Symfony/Component/HttpFoundation/Request.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Request.php
+15-10Lines changed: 15 additions & 10 deletions
diff --git a/‎src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
+24-11Lines changed: 24 additions & 11 deletions b/‎src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
+24-11Lines changed: 24 additions & 11 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/Tests/HttpCache/HttpCacheTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/Tests/HttpCache/HttpCacheTest.php
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/HttpKernel/Tests/HttpCache/HttpCacheTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/Tests/HttpCache/HttpCacheTest.php
+1-1Lines changed: 1 addition & 1 deletion
@@ -0,0 +1,12 @@
+UPGRADE FROM 5.2 to 5.3
+=======================
+
+FrameworkBundle
+---------------
+
+ * Deprecated the `x-forwarded-all` option. Use a combination of `x-forwarded-*` options instead.
+
+HttpFoundation
+--------------
+
+ * Deprecated the `Request::HEADER_X_FORWARDED_ALL` constant. Use a combination of `HEADER_X_FORWARDED_*` constants instead.
@@ -59,6 +59,7 @@ FrameworkBundle
  * The `form.factory`, `form.type.file`, `translator`, `security.csrf.token_manager`, `serializer`,
    `cache_clearer`, `filesystem` and `validator` services are now private.
  * Removed the `lock.RESOURCE_NAME` and `lock.RESOURCE_NAME.store` services and the `lock`, `LockInterface`, `lock.store` and `PersistingStoreInterface` aliases, use `lock.RESOURCE_NAME.factory`, `lock.factory` or `LockFactory` instead.
+ * Removed the `x-forwarded-all` option.
 
 HttpFoundation
 --------------
@@ -67,6 +68,7 @@ HttpFoundation
    `RedirectResponse::create()`, and `StreamedResponse::create()` methods (use
    `__construct()` instead)
  * Not passing a `Closure` together with `FILTER_CALLBACK` to `ParameterBag::filter()` throws an `InvalidArgumentException`; wrap your filter in a closure instead.
+ * Removed the `Request::HEADER_X_FORWARDED_ALL` constant. Use a combination of `HEADER_X_FORWARDED_*` constants instead.
 
 HttpKernel
 ----------
 
@@ -38,7 +38,7 @@ public function testUsesRequestServerData()
 
     public function testUseRequestClientIp()
     {
-        Request::setTrustedProxies(['192.168.0.1'], Request::HEADER_X_FORWARDED_ALL);
+        Request::setTrustedProxies(['192.168.0.1'], Request::HEADER_X_FORWARDED_FOR);
         [$event, $server] = $this->createRequestEvent(['X_FORWARDED_FOR' => '192.168.0.2']);
 
         $processor = new WebProcessor();
 
@@ -1,6 +1,12 @@
 CHANGELOG
 =========
 
+5.3.0
+-----
+
+ * Deprecated the `x-forwarded-all` option. Use `x-forwarded-*` instead.
+
+
 5.2.0
 -----
 
 
@@ -92,7 +92,7 @@ public function getConfigTreeBuilder()
                 ->arrayNode('trusted_headers')
                     ->fixXmlConfig('trusted_header')
                     ->performNoDeepMerging()
-                    ->defaultValue(['x-forwarded-all', '!x-forwarded-host', '!x-forwarded-prefix'])
+                    ->defaultValue(['x-forwarded-for', 'x-forwarded-port', 'x-forwarded-proto'])
                     ->beforeNormalization()->ifString()->then(function ($v) { return $v ? array_map('trim', explode(',', $v)) : []; })->end()
                     ->enumPrototype()
                         ->values([
 
@@ -2296,10 +2296,11 @@ private function resolveTrustedHeaders(array $headers): int
                 case 'x-forwarded-port': $trustedHeaders |= Request::HEADER_X_FORWARDED_PORT; break;
                 case '!x-forwarded-host': $trustedHeaders &= ~Request::HEADER_X_FORWARDED_HOST; break;
                 case 'x-forwarded-all':
+                    trigger_deprecation('symfony/framework-bundle', '5.3', 'The "x-forwarded-all" configuration option is deprecated, Use a combination of "x-forwarded-*" options instead.');
                     if (!\in_array('!x-forwarded-prefix', $headers)) {
                         throw new LogicException('When using "x-forwarded-all" in "framework.trusted_headers", "!x-forwarded-prefix" must be explicitly listed until support for X-Forwarded-Prefix is implemented.');
                     }
-                    $trustedHeaders |= Request::HEADER_X_FORWARDED_ALL;
+                    $trustedHeaders |= Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO;
                     break;
             }
         }
 
@@ -341,9 +341,9 @@ protected static function getBundleDefaultConfig()
             'secret' => 's3cr3t',
             'trusted_hosts' => [],
             'trusted_headers' => [
-                'x-forwarded-all',
-                '!x-forwarded-host',
-                '!x-forwarded-prefix',
+                'x-forwarded-for',
+                'x-forwarded-port',
+                'x-forwarded-proto',
             ],
             'csrf_protection' => [
                 'enabled' => false,
 
@@ -1,6 +1,11 @@
 CHANGELOG
 =========
 
+5.3.0
+-----
+
+ * Deprecated the `Request::HEADER_X_FORWARDED_ALL` constant. Use a combination of `HEADER_X_FORWARDED_*` constants instead.
+
 5.2.0
 -----
 
 
@@ -40,16 +40,18 @@ class_exists(ServerBag::class);
  */
 class Request
 {
-    const HEADER_FORWARDED = 0b000001; // When using RFC 7239
-    const HEADER_X_FORWARDED_FOR = 0b000010;
-    const HEADER_X_FORWARDED_HOST = 0b000100;
-    const HEADER_X_FORWARDED_PROTO = 0b001000;
-    const HEADER_X_FORWARDED_PORT = 0b010000;
-    const HEADER_X_FORWARDED_PREFIX = 0b100000;
-
-    const HEADER_X_FORWARDED_ALL = 0b011110; // All "X-Forwarded-*" headers sent by "usual" reverse proxy
-    const HEADER_X_FORWARDED_AWS_ELB = 0b011010; // AWS ELB doesn't send X-Forwarded-Host
-    const HEADER_X_FORWARDED_TRAEFIK = 0b111110; // All "X-Forwarded-*" headers sent by Traefik reverse proxy
+    const HEADER_FORWARDED = 0b0000001; // When using RFC 7239
+    const HEADER_X_FORWARDED_FOR = 0b0000010;
+    const HEADER_X_FORWARDED_HOST = 0b0000100;
+    const HEADER_X_FORWARDED_PROTO = 0b0001000;
+    const HEADER_X_FORWARDED_PORT = 0b0010000;
+    const HEADER_X_FORWARDED_PREFIX = 0b0100000;
+    private const CONST_DEPRECATED = 0b10000000; // reserved to deprecate constants
+
+    /** @deprecated since Symfony 5.3, to be removed in 6.0. Use a combination of HEADER_X_FORWARDED_* constants instead. */
+    const HEADER_X_FORWARDED_ALL = 0b10011110; // All "X-Forwarded-*" headers sent by "usual" reverse proxy
+    const HEADER_X_FORWARDED_AWS_ELB = 0b00011010; // AWS ELB doesn't send X-Forwarded-Host
+    const HEADER_X_FORWARDED_TRAEFIK = 0b00111110; // All "X-Forwarded-*" headers sent by Traefik reverse proxy
 
     const METHOD_HEAD = 'HEAD';
     const METHOD_GET = 'GET';
@@ -593,6 +595,9 @@ public function overrideGlobals()
      */
     public static function setTrustedProxies(array $proxies, int $trustedHeaderSet)
     {
+        if (self::HEADER_X_FORWARDED_ALL === $trustedHeaderSet) {
+            trigger_deprecation('symfony/http-fundation', '5.3', 'The "HEADER_X_FORWARDED_ALL" constant is deprecated, Use a combination of `HEADER_X_FORWARDED_*` constants instead.');
+        }
         self::$trustedProxies = array_reduce($proxies, function ($proxies, $proxy) {
             if ('REMOTE_ADDR' !== $proxy) {
                 $proxies[] = $proxy;
 
@@ -12,6 +12,7 @@
 namespace Symfony\Component\HttpFoundation\Tests;
 
 use PHPUnit\Framework\TestCase;
+use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
 use Symfony\Component\HttpFoundation\Exception\JsonException;
 use Symfony\Component\HttpFoundation\Exception\SuspiciousOperationException;
 use Symfony\Component\HttpFoundation\InputBag;
@@ -22,6 +23,8 @@
 
 class RequestTest extends TestCase
 {
+    use ExpectDeprecationTrait;
+
     protected function tearDown(): void
     {
         Request::setTrustedProxies([], -1);
@@ -867,7 +870,7 @@ public function testGetPort()
 
         $this->assertEquals(80, $port, 'Without trusted proxies FORWARDED_PROTO and FORWARDED_PORT are ignored.');
 
-        Request::setTrustedProxies(['1.1.1.1'], Request::HEADER_X_FORWARDED_ALL);
+        Request::setTrustedProxies(['1.1.1.1'], Request::HEADER_X_FORWARDED_PROTO | Request::HEADER_X_FORWARDED_PORT);
         $request = Request::create('http://example.com', 'GET', [], [], [], [
             'HTTP_X_FORWARDED_PROTO' => 'https',
             'HTTP_X_FORWARDED_PORT' => '8443',
@@ -1091,7 +1094,7 @@ public function testGetClientIpsWithConflictingHeaders($httpForwarded, $httpXFor
             'HTTP_X_FORWARDED_FOR' => $httpXForwardedFor,
         ];
 
-        Request::setTrustedProxies(['88.88.88.88'], Request::HEADER_X_FORWARDED_ALL | Request::HEADER_FORWARDED);
+        Request::setTrustedProxies(['88.88.88.88'], Request::HEADER_X_FORWARDED_FOR | Request::HEADER_FORWARDED);
 
         $request->initialize([], [], [], [], [], $server);
 
@@ -1349,7 +1352,7 @@ public function testOverrideGlobals()
 
         $request->headers->set('X_FORWARDED_PROTO', 'https');
 
-        Request::setTrustedProxies(['1.1.1.1'], Request::HEADER_X_FORWARDED_ALL);
+        Request::setTrustedProxies(['1.1.1.1'], Request::HEADER_X_FORWARDED_PROTO);
         $this->assertFalse($request->isSecure());
         $request->server->set('REMOTE_ADDR', '1.1.1.1');
         $this->assertTrue($request->isSecure());
@@ -1830,7 +1833,7 @@ private function getRequestInstanceForClientIpTests(string $remoteAddr, ?string
         }
 
         if ($trustedProxies) {
-            Request::setTrustedProxies($trustedProxies, Request::HEADER_X_FORWARDED_ALL);
+            Request::setTrustedProxies($trustedProxies, Request::HEADER_X_FORWARDED_FOR);
         }
 
         $request->initialize([], [], [], [], [], $server);
@@ -1873,35 +1876,35 @@ public function testTrustedProxiesXForwardedFor()
         $this->assertFalse($request->isSecure());
 
         // disabling proxy trusting
-        Request::setTrustedProxies([], Request::HEADER_X_FORWARDED_ALL);
+        Request::setTrustedProxies([], Request::HEADER_X_FORWARDED_FOR);
         $this->assertEquals('3.3.3.3', $request->getClientIp());
         $this->assertEquals('example.com', $request->getHost());
         $this->assertEquals(80, $request->getPort());
         $this->assertFalse($request->isSecure());
 
         // request is forwarded by a non-trusted proxy
-        Request::setTrustedProxies(['2.2.2.2'], Request::HEADER_X_FORWARDED_ALL);
+        Request::setTrustedProxies(['2.2.2.2'], Request::HEADER_X_FORWARDED_FOR);
         $this->assertEquals('3.3.3.3', $request->getClientIp());
         $this->assertEquals('example.com', $request->getHost());
         $this->assertEquals(80, $request->getPort());
         $this->assertFalse($request->isSecure());
 
         // trusted proxy via setTrustedProxies()
-        Request::setTrustedProxies(['3.3.3.3', '2.2.2.2'], Request::HEADER_X_FORWARDED_ALL);
+        Request::setTrustedProxies(['3.3.3.3', '2.2.2.2'], Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO);
         $this->assertEquals('1.1.1.1', $request->getClientIp());
         $this->assertEquals('foo.example.com', $request->getHost());
         $this->assertEquals(443, $request->getPort());
         $this->assertTrue($request->isSecure());
 
         // trusted proxy via setTrustedProxies()
-        Request::setTrustedProxies(['3.3.3.4', '2.2.2.2'], Request::HEADER_X_FORWARDED_ALL);
+        Request::setTrustedProxies(['3.3.3.4', '2.2.2.2'], Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO);
         $this->assertEquals('3.3.3.3', $request->getClientIp());
         $this->assertEquals('example.com', $request->getHost());
         $this->assertEquals(80, $request->getPort());
         $this->assertFalse($request->isSecure());
 
         // check various X_FORWARDED_PROTO header values
-        Request::setTrustedProxies(['3.3.3.3', '2.2.2.2'], Request::HEADER_X_FORWARDED_ALL);
+        Request::setTrustedProxies(['3.3.3.3', '2.2.2.2'], Request::HEADER_X_FORWARDED_PROTO);
         $request->headers->set('X_FORWARDED_PROTO', 'ssl');
         $this->assertTrue($request->isSecure());
 
@@ -2377,7 +2380,7 @@ public function testTrustedPort()
 
     public function testTrustedPortDoesNotDefaultToZero()
     {
-        Request::setTrustedProxies(['1.1.1.1'], Request::HEADER_X_FORWARDED_ALL);
+        Request::setTrustedProxies(['1.1.1.1'], Request::HEADER_X_FORWARDED_FOR);
 
         $request = Request::create('/');
         $request->server->set('REMOTE_ADDR', '1.1.1.1');
@@ -2393,7 +2396,7 @@ public function testTrustedPortDoesNotDefaultToZero()
     public function testTrustedProxiesRemoteAddr($serverRemoteAddr, $trustedProxies, $result)
     {
         $_SERVER['REMOTE_ADDR'] = $serverRemoteAddr;
-        Request::setTrustedProxies($trustedProxies, Request::HEADER_X_FORWARDED_ALL);
+        Request::setTrustedProxies($trustedProxies, Request::HEADER_X_FORWARDED_FOR);
         $this->assertSame($result, Request::getTrustedProxies());
     }
 
@@ -2464,6 +2467,16 @@ public function preferSafeContentData()
             ],
         ];
     }
+
+    /**
+     * @group legacy
+     */
+    public function testXForwarededAllConstantDeprecated()
+    {
+        $this->expectDeprecation('Since symfony/http-fundation 5.3: The "HEADER_X_FORWARDED_ALL" constant is deprecated, Use a combination of `HEADER_X_FORWARDED_*` constants instead.');
+
+        Request::setTrustedProxies([], Request::HEADER_X_FORWARDED_ALL);
+    }
 }
 
 class RequestContentProxy extends Request
 
@@ -1361,7 +1361,7 @@ public function testClientIpIsAlwaysLocalhostForForwardedRequests()
      */
     public function testHttpCacheIsSetAsATrustedProxy(array $existing)
     {
-        Request::setTrustedProxies($existing, Request::HEADER_X_FORWARDED_ALL);
+        Request::setTrustedProxies($existing, Request::HEADER_X_FORWARDED_FOR);
 
         $this->setNextResponse();
         $this->request('GET', '/', ['REMOTE_ADDR' => '10.0.0.1']);
Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ public function testUsesRequestServerData()`
`38`	`38`
`39`	`39`	`public function testUseRequestClientIp()`
`40`	`40`	`{`
`41`		`- Request::setTrustedProxies(['192.168.0.1'], Request::HEADER_X_FORWARDED_ALL);`
	`41`	`+ Request::setTrustedProxies(['192.168.0.1'], Request::HEADER_X_FORWARDED_FOR);`
`42`	`42`	`[$event, $server] = $this->createRequestEvent(['X_FORWARDED_FOR' => '192.168.0.2']);`
`43`	`43`
`44`	`44`	`$processor = new WebProcessor();`
Original file line number	Diff line number	Diff line change
`@@ -2296,10 +2296,11 @@ private function resolveTrustedHeaders(array $headers): int`
`2296`	`2296`	`case 'x-forwarded-port': $trustedHeaders \|= Request::HEADER_X_FORWARDED_PORT; break;`
`2297`	`2297`	`case '!x-forwarded-host': $trustedHeaders &= ~Request::HEADER_X_FORWARDED_HOST; break;`
`2298`	`2298`	`case 'x-forwarded-all':`
	`2299`	`+ trigger_deprecation('symfony/framework-bundle', '5.3', 'The "x-forwarded-all" configuration option is deprecated, Use a combination of "x-forwarded-*" options instead.');`
`2299`	`2300`	`if (!\in_array('!x-forwarded-prefix', $headers)) {`
`2300`	`2301`	`throw new LogicException('When using "x-forwarded-all" in "framework.trusted_headers", "!x-forwarded-prefix" must be explicitly listed until support for X-Forwarded-Prefix is implemented.');`
`2301`	`2302`	`}`
`2302`		`- $trustedHeaders \|= Request::HEADER_X_FORWARDED_ALL;`
	`2303`	`+ $trustedHeaders \|= Request::HEADER_X_FORWARDED_FOR \| Request::HEADER_X_FORWARDED_HOST \| Request::HEADER_X_FORWARDED_PORT \| Request::HEADER_X_FORWARDED_PROTO;`
`2303`	`2304`	`break;`
`2304`	`2305`	`}`
`2305`	`2306`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1361,7 +1361,7 @@ public function testClientIpIsAlwaysLocalhostForForwardedRequests()`
`1361`	`1361`	`*/`
`1362`	`1362`	`public function testHttpCacheIsSetAsATrustedProxy(array $existing)`
`1363`	`1363`	`{`
`1364`		`- Request::setTrustedProxies($existing, Request::HEADER_X_FORWARDED_ALL);`
	`1364`	`+ Request::setTrustedProxies($existing, Request::HEADER_X_FORWARDED_FOR);`
`1365`	`1365`
`1366`	`1366`	`$this->setNextResponse();`
`1367`	`1367`	`$this->request('GET', '/', ['REMOTE_ADDR' => '10.0.0.1']);`