ge-tracker/laravel-vapor-trusted-proxies

Build a dynamic list of trusted proxies for use with Laravel Vapor

v2.2.0 2024-03-22 14:26 UTC

This package is auto-updated.

Last update: 2024-11-22 16:51:15 UTC


README

Latest Version on Packagist Total Downloads

This package was created due to request()->ip() always returning 127.0.0.1 on Laravel Vapor. There are several fixes online that trust all proxy servers. These solutions may be suitable for basic applications, however, these changes will allow any user to send the X-FORWARDED-FOR header to spoof their originating IP address.

Due to the dynamic nature of Laravel Vapor, it becomes a challenge to set the trusted proxies for your Laravel application. If you rely on the IP address of the user being valid, then this package is for you!

Version Compatibility

Laravel 9.0 introduced changes to the default TrustedProxies middleware, and the fideloper/proxy package is no longer required, as the functionality is included with Laravel. I'm not actively using Vapor and am not sure whether this package is still required, but I have gone ahead and updated the requirements and pushed the v2.0 release, which drops support for earlier Laravel versions.

Installation

You can install the package via composer:

composer require ge-tracker/laravel-vapor-trusted-proxies

Next, you must edit your app\Http\Middleware\TrustProxies.php middleware and modify an import to use the middleware provided by this package:

<?php

namespace App\Http\Middleware;

use GeTracker\LaravelVaporTrustedProxies\Http\LaravelVaporTrustedProxies as Middleware;
use Illuminate\Http\Request;

class TrustProxies extends Middleware
{
    ...

The package will then work out-of-the-box to dynamically fetch the proxy servers used by your current Vapor's deployment.

Testing

composer test

Changelog

Please see CHANGELOG for more information what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please email james@ge-tracker.com instead of using the issue tracker.

Credits

License

The MIT License (MIT). Please see License File for more information.