symfony: Forwarded header not used in Request::getPort() and Request::getScheme()

Description If I’m not wrong, the Forwarded header is not being used to detect the port and scheme of the request.

As the documentation does not state any of this, I’m not sure if this would be a bug, a documentation error, or a feature request: image

Example As for a header like for=xx.xx.xxx.xx;proto=https;host=xxxxxxxxxxx.localhost.run, the Router component generates absolute URLs with the correct host, but the schema is set to http.

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 20 (12 by maintainers)

Most upvoted comments

@xabbuh this is a valid request. The code of HttpFoundation is indeed not supporting Forwarded in getPort and isSecure but only the X-Forwarded-* header. When implementing support for Forwarded, it was done in an incomplete way, considering that it is a standard replacement for X-Forwarded-For only, while it is meant to replace all the X-Forwarded-* headers of the de-facto standard.

+2
stof on Mar 22, 2021

IIRC I was able to reproduce this locally. I will try to find some time to look into it again.

+1
xabbuh on Jun 22, 2021

Indeed, @stof is right here. isSecure() only considers the X-Forwarded-Proto header.

+1
xabbuh on Mar 22, 2021
Read more comments on GitHub
← symfony: [Form] With a CheckboxType, form_label is empty and form_widget renders form_row
symfony: [Framework bundle] Cleanup error and exception handlers on Kernel shutdown →