Skip to content

Commit

Permalink
Merge pull request #7 from theblindfrog/feat/rewrite-cloudfront-port
Browse files Browse the repository at this point in the history 
Handle cloudfront-forwarded-port header too
  • Loading branch information
@jdavidbakr
jdavidbakr authored Sep 30, 2024
2 parents 5c7c070 + fa4c9ab commit b3b10c0
Show file tree
Hide file tree
Showing 2 changed files with 93 additions and 2 deletions.
9 changes: 7 additions & 2 deletions src/CloudfrontProxies.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ class CloudfrontProxies
*/
public function handle($request, Closure $next)
{
if ($request->header('cloudfront-forwarded-proto')) {
if ($request->header('cloudfront-forwarded-proto') || $request->header('cloudfront-forwarded-port')) {
$this->loadTrustedProxies($request);
$this->setCloudfrontHeaders($request);
}
Expand Down Expand Up @@ -48,6 +48,11 @@ protected function loadTrustedProxies($request)
protected function setCloudfrontHeaders($request)
{
$headers = $request->headers;
$headers->add(['x-forwarded-proto' => $headers->get('cloudfront-forwarded-proto')]);
if($request->header('cloudfront-forwarded-proto')) {
$headers->add(['x-forwarded-proto' => $headers->get('cloudfront-forwarded-proto')]);
}
if($request->header('cloudfront-forwarded-port')) {
$headers->add(['x-forwarded-port' => $headers->get('cloudfront-forwarded-port')]);
}
}
}
86 changes: 86 additions & 0 deletions tests/CloudfrontProxiesTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -152,6 +152,92 @@ public function it_rewrites_proto_headers()
$this->assertEquals('https', $request->header('x-forwarded-proto'));
}

/**
* @test
*/
public function it_rewrites_port_headers()
{
$request = new Request(
[], // query
[], // request
[], // attributes
[], // cookies
[], // files
[
'HTTP_CLOUDFRONT_FORWARDED_PORT' => '443',
], // server
null // content
);
$middleware = new CloudfrontProxies;
$mock = Mockery::mock(Guzzle::class);
$response = new Response(200, [
'Content-Type' => 'application/json'
], json_encode([
'prefixes' => [
[
'ip_prefix' => '127.0.0.1/16',
'region' => 'GLOBAL',
'service' => 'CLOUDFRONT'
]
]
]));
$mock->shouldReceive('get')
->with('https://ip-ranges.amazonaws.com/ip-ranges.json')
->once()
->andReturn($response);
app()->instance(Guzzle::class, $mock);

$middleware->handle($request, function () {
});

// Verify that trusted proxies got properly set
$this->assertEquals('443', $request->header('x-forwarded-port'));
}

/**
* @test
*/
public function it_rewrites_proto_and_port_headers()
{
$request = new Request(
[], // query
[], // request
[], // attributes
[], // cookies
[], // files
[
'HTTP_CLOUDFRONT_FORWARDED_PORT' => '443',
'HTTP_CLOUDFRONT_FORWARDED_PROTO' => 'https',
], // server
null // content
);
$middleware = new CloudfrontProxies;
$mock = Mockery::mock(Guzzle::class);
$response = new Response(200, [
'Content-Type' => 'application/json'
], json_encode([
'prefixes' => [
[
'ip_prefix' => '127.0.0.1/16',
'region' => 'GLOBAL',
'service' => 'CLOUDFRONT'
]
]
]));
$mock->shouldReceive('get')
->with('https://ip-ranges.amazonaws.com/ip-ranges.json')
->once()
->andReturn($response);
app()->instance(Guzzle::class, $mock);

$middleware->handle($request, function () {
});

// Verify that trusted proxies got properly set
$this->assertEquals('https', $request->header('x-forwarded-proto'));
$this->assertEquals('443', $request->header('x-forwarded-port'));
}

/**
* @test
*/
Expand Down

0 comments on commit b3b10c0

Please sign in to comment.