ge-tracker / laravel-vapor-trusted-proxies
Build a dynamic list of trusted proxies for use with Laravel Vapor
Installs: 37 515
Dependents: 0
Suggesters: 0
Security: 0
Stars: 7
Watchers: 2
Forks: 0
Open Issues: 0
Requires
- php: ^8.0
- illuminate/http: ^9.0 || ^10.0 || ^11.0
- illuminate/support: ^9.0 || ^10.0 || ^11.0
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3.6
- gtjamesa/php-standards: ^2.0
- orchestra/testbench: ^7.0 || ^8.0 || ^9.0
- phpunit/phpunit: ^9.5 || ^10.0
README
This package was created due to request()->ip()
always returning 127.0.0.1
on Laravel Vapor. There are several fixes online that trust all proxy servers. These solutions may be suitable for basic applications, however, these changes will allow any user to send the X-FORWARDED-FOR
header to spoof their originating IP address.
Due to the dynamic nature of Laravel Vapor, it becomes a challenge to set the trusted proxies for your Laravel application. If you rely on the IP address of the user being valid, then this package is for you!
Version Compatibility
Laravel 9.0 introduced changes to the default TrustedProxies
middleware, and the fideloper/proxy package is no longer required, as the functionality is included with Laravel. I'm not actively using Vapor and am not sure whether this package is still required, but I have gone ahead and updated the requirements and pushed the v2.0
release, which drops support for earlier Laravel versions.
Installation
You can install the package via composer:
composer require ge-tracker/laravel-vapor-trusted-proxies
Next, you must edit your app\Http\Middleware\TrustProxies.php
middleware and modify an import to use the middleware provided by this package:
<?php namespace App\Http\Middleware; use GeTracker\LaravelVaporTrustedProxies\Http\LaravelVaporTrustedProxies as Middleware; use Illuminate\Http\Request; class TrustProxies extends Middleware { ...
The package will then work out-of-the-box to dynamically fetch the proxy servers used by your current Vapor's deployment.
Testing
composer test
Changelog
Please see CHANGELOG for more information what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security
If you discover any security related issues, please email james@ge-tracker.com instead of using the issue tracker.
Credits
License
The MIT License (MIT). Please see License File for more information.