Mirrors/shlink
1
0
Fork 0
mirror of https://github.com/shlinkio/shlink.git synced 2026-02-28 04:03:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

Allow providing hop count via TRUSTED_PROXIES

Browse Source
This commit is contained in:
Alejandro Celaya
2025-07-18 08:22:07 +02:00
parent 1f825797f6
commit 3318987d63
4 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@@ -19,6 +19,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com), and this
The new conditions match as soon as a query param exists with any or no value (in the case of `any-value-query-param`), or if a query param exists with no value at all (in the case of `valueless-query-param`). The new conditions match as soon as a query param exists with any or no value (in the case of `any-value-query-param`), or if a query param exists with no value at all (in the case of `valueless-query-param`).
* [#2387](https://github.com/shlinkio/shlink/issues/2387) Add `TRUSTED_PROXIES` env var and corresponding config option, to configure a comma-separated list of all the proxies in front of Shlink, or simply the amount of trusted proxies in front of Shlink.
This is important to properly detect visitor's IP addresses instead of incorrectly matching one of the proxy's IP address, and if provided, it disables a workaround introduced in https://github.com/shlinkio/shlink/pull/2359.
### Changed ### Changed
* [#2406](https://github.com/shlinkio/shlink/issues/2406) Remove references to bootstrap from error templates, and instead inline the very minimum required styles. * [#2406](https://github.com/shlinkio/shlink/issues/2406) Remove references to bootstrap from error templates, and instead inline the very minimum required styles.

2
composer.json
View File

@@ -47,7 +47,7 @@
"shlinkio/shlink-config": "^4.0", "shlinkio/shlink-config": "^4.0",
"shlinkio/shlink-event-dispatcher": "^4.2", "shlinkio/shlink-event-dispatcher": "^4.2",
"shlinkio/shlink-importer": "^5.6", "shlinkio/shlink-importer": "^5.6",
"shlinkio/shlink-installer": "dev-develop#9005232 as 9.6", "shlinkio/shlink-installer": "dev-develop#eef3749 as 9.6",
"shlinkio/shlink-ip-geolocation": "^4.3", "shlinkio/shlink-ip-geolocation": "^4.3",
"shlinkio/shlink-json": "^1.2", "shlinkio/shlink-json": "^1.2",
"spiral/roadrunner": "^2025.1", "spiral/roadrunner": "^2025.1",

1
config/autoload/installer.global.php
View File

@@ -80,6 +80,7 @@ return [
Option\Cors\CorsAllowOriginConfigOption::class, Option\Cors\CorsAllowOriginConfigOption::class,
Option\Cors\CorsAllowCredentialsConfigOption::class, Option\Cors\CorsAllowCredentialsConfigOption::class,
Option\Cors\CorsMaxAgeConfigOption::class, Option\Cors\CorsMaxAgeConfigOption::class,
Option\TrustedProxiesConfigOption::class,
], ],
'installation_commands' => [ 'installation_commands' => [

6
config/autoload/ip-address.global.php
View File

@@ -13,6 +13,7 @@ use const Shlinkio\Shlink\IP_ADDRESS_REQUEST_ATTRIBUTE;
return (static function (): array { return (static function (): array {
$trustedProxies = EnvVars::TRUSTED_PROXIES->loadFromEnv(); $trustedProxies = EnvVars::TRUSTED_PROXIES->loadFromEnv();
$proxiesIsHopCount = is_numeric($trustedProxies);
return [ return [
@@ -21,7 +22,10 @@ return (static function (): array {
'ip_address' => [ 'ip_address' => [
'attribute_name' => IP_ADDRESS_REQUEST_ATTRIBUTE, 'attribute_name' => IP_ADDRESS_REQUEST_ATTRIBUTE,
'check_proxy_headers' => true, 'check_proxy_headers' => true,
'trusted_proxies' => splitByComma($trustedProxies), // List of trusted proxies
'trusted_proxies' => $proxiesIsHopCount ? [] : splitByComma($trustedProxies),
// Amount of addresses to skip from the right, before finding the visitor IP address
'hop_count' => $proxiesIsHopCount ? (int) $trustedProxies : 0,
'headers_to_inspect' => [ 'headers_to_inspect' => [
'CF-Connecting-IP', 'CF-Connecting-IP',
'X-Forwarded-For', 'X-Forwarded-For',