无法使TrustProxies中间件正常工作 [英] Cannot get TrustProxies middleware to work
问题描述
在此处指向正确的方向后相对于Laravel 5.4绝对的302次重定向
我一直在尝试使Laravel TrustProxies中间件正常工作,但似乎忽略了X_FORWARDED_PROTO标头.
After pointed in the right direction here Laravel 5.4 relative instead of absolute 302 redirects
I've been trying to get Laravel TrustProxies middleware to work, but seems to be ignoring X_FORWARDED_PROTO header.
我的情况
我在Laravel(刚刚从5.4升级到5.5)中的应用程序位于负载平衡器的后面,该负载平衡器将所有流量从HTTPS转换为HTTP.
My scenario
My app in Laravel (just upgraded from 5.4 to 5.5) is behind a load balancer, which translates all traffic from HTTPS to HTTP.
我的问题
所有重定向都通过HTTP而不是原始协议HTTPS进行.
My problem
All redirects are going over HTTP instead of original protocol HTTPS.
尝试的解决方案
从Laravel 5.4升级到5.5,并利用现成的Laravel附带的TrustProxies中间件.
中间件具有:
Attempted Solution
Upgrade from Laravel 5.4 to 5.5 and take advantage of the TrustProxies middleware now shipped with Laravel out of the box.
Middleware has:
protected $proxies = '*';
/**
* The current proxy header mappings.
*
* @var array
*/
protected $headers = [
Request::HEADER_FORWARDED => 'FORWARDED',
Request::HEADER_X_FORWARDED_FOR => 'X_FORWARDED_FOR',
Request::HEADER_X_FORWARDED_HOST => 'X_FORWARDED_HOST',
Request::HEADER_X_FORWARDED_PORT => 'X_FORWARDED_PORT',
Request::HEADER_X_FORWARDED_PROTO => 'X_FORWARDED_PROTO',
];
App \ Http \ Kernel已注册中间件:
App\Http\Kernel has registered the middleware:
protected $middleware = [
\Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\TrustProxies::class,
];
我的发现:
来自服务器的Tcp转储显示了标头:
My findings:
Tcp dump from the server reveals the header:
请求:
GET / HTTP/1.1
X_FORWARDED_PROTO: HTTPS
Host: mywebsiteaddress.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
但是响应具有通过HTTP定位的位置:
HTTP/1.1 302 Found
Date: Wed, 08 Nov 2017 18:03:48 GMT
Server: Apache/2.4.18 (Ubuntu)
Cache-Control: no-cache, private
Location: http://mywebsiteaddress.com/home
Set-Cookie: laravel_session=eyJp...In0%3D; expires=Wed, 08-Nov-2017 20:03:48 GMT; Max-Age=7200; path=/; HttpOnly
Content-Length: 376
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
其他评论:
自从我的应用程序从5.4升级到5.5之后,我复制了TrustProxies类,否则它将在5.5全新安装中出现.然后我在内核中注册了它.
也许我在这里错过了一步.
Additional comments:
Since my app was upgraded from 5.4 to 5.5, I copied the class TrustProxies that otherwise would've been there in a 5.5 fresh installation. Then I registered it in the Kernel.
Maybe I'm missing a step here.
我的希望:
我的疲倦并没有使我忘却忽略了一个简单的错误.
My hope:
That my tiredness is not clouding my mind that I'm overlooking a simple mistake.
任何建议,谢谢您!
更新:
在Apache中启用了log_forensics模块,我在请求中看到了x-forwarded-proto标头.
Update:
Enabled log_forensics module in Apache and I see the x-forwarded-proto header in the request.
GET / HTTP/1.1
X_FORWARDED_PROTO:HTTPS
Host:mywebsiteaddress.com
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv%3a56.0) Gecko/20100101 Firefox/56.0
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language:en-US,en;q=0.5
Accept-Encoding:gzip, deflate, br
Connection:keep-alive
Upgrade-Insecure-Requests:1
Cache-Control:max-age=0
有什么线索为什么Laravel可能不在headers数组中?
Any clue why Laravel may not have in the headers array?
推荐答案
确实很累.
负载平衡器一直在为C#(IIS)应用程序使用X_FORWARDED_PROTO标头,因此网络团队这次以相同的方式设置标头.
但是对于Laravel,标头必须采用 X-FORWARDED-PROTO 的形式,我知道这是正确的名称(用短划线代替下划线).
这就是Laravel(实际上是Symfony)在请求中丢弃标头的原因.
It was indeed tiredness.
The load balancer has been working with X_FORWARDED_PROTO header for C# (IIS) apps, so the network team set the header the same way this time.
But for Laravel, the header has to be in the form of X-FORWARDED-PROTO which I understand is the right name (dashes instead of underscores).
That is why Laravel (Symfony in reality) was discarding the header from the request.
这篇关于无法使TrustProxies中间件正常工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!