Latest update breaks TRUSTED-PROXYS-Option

Manni · November 1, 2021, 12:45pm

As v5 is completely broken in my opinion (I’ve created a different thread for that a while ago) I am staying on v4. There was an update released in the last few days that broke v4. The issue is, that setTrustedProxies() required 2 arguments, there is just a single one passed though. I fixed it by changing app/Http/Middleware/StartupCheck.php on line 41:

    if (isset($_ENV['TRUSTED_PROXIES'])) {
        if (env('TRUSTED_PROXIES') == '*') {
            $request->setTrustedProxies(['127.0.0.1', $request->server->get('REMOTE_ADDR')], \Illuminate\Http\Request::HEADER_X_FORWARDED_ALL);
        } else{
            $request->setTrustedProxies(array_map('trim', explode(',', env('TRUSTED_PROXIES'))), \Illuminate\Http\Request::HEADER_X_FORWARDED_ALL);
        }
    }

Please don’t break v4 now aswell, then I would have to stop updating and that’s usually not a good idea…

hillel · November 1, 2021, 2:17pm

Hi,

If last you tried v5 a while ago I suggest trying it again, we’ve made many improvements.

Thanks for the correction! cc @david

david · November 1, 2021, 7:49pm

@Manni

The changes were implemented to support PHP 7.4 and Laravel 6 to keep v4 inside all the security releases… ie… extending support for v4 for a little bit longer.

If you’d like to PR your changes we can merge into master.