From 458cdb8918fde2bed3159e5f52907cc10d8551c5 Mon Sep 17 00:00:00 2001 From: basteln3rk Date: Sat, 2 Dec 2023 20:34:01 +0000 Subject: [PATCH 1/5] Add tests for page.url with base url and reverse proxy trusted prefix --- tests/ResponseTest.php | 48 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/tests/ResponseTest.php b/tests/ResponseTest.php index 456e7707..00a04668 100644 --- a/tests/ResponseTest.php +++ b/tests/ResponseTest.php @@ -361,4 +361,52 @@ public function test_responsable_with_invalid_key(): void $page['props']['resource'] ); } + + public function test_page_url_with_baseurl() : void + { + $request = Request::create('/app-base-url/user/123', 'GET', [], [], [], [ + 'SCRIPT_FILENAME' => '/ws/test/app-base-url/public/index.php', + 'SCRIPT_NAME' => '/app-base-url/index.php', + ]); + $request->headers->add(['X-Inertia' => 'true']); + $this->assertSame('/app-base-url', $request->getBaseUrl()); + + $user = (object) ['name' => 'Jonathan']; + $response = new Response('User/Edit', ['user' => $user], 'app', '123'); + $response = $response->toResponse($request); + $page = $response->getData(); + + $this->assertSame( + '/app-base-url/user/123', + $page->url + ); + } + + public function test_page_url_with_baseurl_and_proxy() : void + { + Request::setTrustedProxies([ + '8.8.8.8' + ], Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_PREFIX); + $request = Request::create('/app-base-url/user/123', 'GET', [], [], [], [ + 'SCRIPT_FILENAME' => '/ws/test/app-base-url/public/index.php', + 'SCRIPT_NAME' => '/app-base-url/index.php', + 'REMOTE_ADDR' => '8.8.8.8', + 'HTTP_X_FORWARDED_FOR' => '7.7.7.7', + 'HTTP_X_FORWARDED_PREFIX' => '/proxy-prefix', + ]); + + $request->headers->add(['X-Inertia' => 'true']); + + $this->assertTrue($request->isFromTrustedProxy()); + + $user = (object) ['name' => 'Jonathan']; + $response = new Response('User/Edit', ['user' => $user], 'app', '123'); + $response = $response->toResponse($request); + $page = $response->getData(); + + $this->assertSame( + '/proxy-prefix/app-base-url/user/123', + $page->url + ); + } } From ab11f8731a7a89cd29482e63b9e5ee45f00fdbad Mon Sep 17 00:00:00 2001 From: basteln3rk Date: Sat, 2 Dec 2023 20:37:35 +0000 Subject: [PATCH 2/5] Fix: page.url contains the base url twice --- src/Response.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Response.php b/src/Response.php index 953a8e52..a9fdeb09 100644 --- a/src/Response.php +++ b/src/Response.php @@ -99,7 +99,7 @@ public function toResponse($request) $page = [ 'component' => $this->component, 'props' => $props, - 'url' => $request->getBaseUrl().$request->getRequestUri(), + 'url' => $request->getBaseUrl() . $request->getPathInfo() . ($request->getQueryString() ? '?' . $request->getQueryString() : ''), 'version' => $this->version, ]; From 9f201d0ed2db6f13e0ddbc7b137a7f757509af23 Mon Sep 17 00:00:00 2001 From: basteln3rk Date: Sat, 2 Dec 2023 21:50:19 +0000 Subject: [PATCH 3/5] add test case for page url with proxy forwarded prefix only --- tests/ResponseTest.php | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/tests/ResponseTest.php b/tests/ResponseTest.php index 00a04668..680c19d6 100644 --- a/tests/ResponseTest.php +++ b/tests/ResponseTest.php @@ -382,7 +382,35 @@ public function test_page_url_with_baseurl() : void ); } - public function test_page_url_with_baseurl_and_proxy() : void + public function test_page_url_with_proxy_forwarded_prefix() : void + { + Request::setTrustedProxies([ + '8.8.8.8' + ], Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_PREFIX); + $request = Request::create('/user/123', 'GET', [], [], [], [ + 'SCRIPT_FILENAME' => '/ws/test/app-base-url/public/index.php', + 'SCRIPT_NAME' => '/index.php', + 'REMOTE_ADDR' => '8.8.8.8', + 'HTTP_X_FORWARDED_FOR' => '7.7.7.7', + 'HTTP_X_FORWARDED_PREFIX' => '/proxy-prefix', + ]); + + $request->headers->add(['X-Inertia' => 'true']); + + $this->assertTrue($request->isFromTrustedProxy()); + + $user = (object) ['name' => 'Jonathan']; + $response = new Response('User/Edit', ['user' => $user], 'app', '123'); + $response = $response->toResponse($request); + $page = $response->getData(); + + $this->assertSame( + '/proxy-prefix/user/123', + $page->url + ); + } + + public function test_page_url_with_baseurl_and_proxy_forwarded_prefix() : void { Request::setTrustedProxies([ '8.8.8.8' From 262ec7c58b0ba217801e5680e22ef3f6b7ac08e8 Mon Sep 17 00:00:00 2001 From: basteln3rk Date: Sat, 2 Dec 2023 22:06:06 +0000 Subject: [PATCH 4/5] skip proxy forward prefix on legacy symfony which does not support this feature --- tests/ResponseTest.php | 40 +++++++++------------------------------- 1 file changed, 9 insertions(+), 31 deletions(-) diff --git a/tests/ResponseTest.php b/tests/ResponseTest.php index 680c19d6..cb2c51dc 100644 --- a/tests/ResponseTest.php +++ b/tests/ResponseTest.php @@ -384,9 +384,15 @@ public function test_page_url_with_baseurl() : void public function test_page_url_with_proxy_forwarded_prefix() : void { - Request::setTrustedProxies([ - '8.8.8.8' - ], Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_PREFIX); + try { + Request::setTrustedProxies([ + '8.8.8.8' + ], Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_PREFIX); + } catch (\Throwable $th) { + $this->markTestSkipped('Trusted proxies not supported in this version of Symfony'); + return; + } + $request = Request::create('/user/123', 'GET', [], [], [], [ 'SCRIPT_FILENAME' => '/ws/test/app-base-url/public/index.php', 'SCRIPT_NAME' => '/index.php', @@ -409,32 +415,4 @@ public function test_page_url_with_proxy_forwarded_prefix() : void $page->url ); } - - public function test_page_url_with_baseurl_and_proxy_forwarded_prefix() : void - { - Request::setTrustedProxies([ - '8.8.8.8' - ], Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_PREFIX); - $request = Request::create('/app-base-url/user/123', 'GET', [], [], [], [ - 'SCRIPT_FILENAME' => '/ws/test/app-base-url/public/index.php', - 'SCRIPT_NAME' => '/app-base-url/index.php', - 'REMOTE_ADDR' => '8.8.8.8', - 'HTTP_X_FORWARDED_FOR' => '7.7.7.7', - 'HTTP_X_FORWARDED_PREFIX' => '/proxy-prefix', - ]); - - $request->headers->add(['X-Inertia' => 'true']); - - $this->assertTrue($request->isFromTrustedProxy()); - - $user = (object) ['name' => 'Jonathan']; - $response = new Response('User/Edit', ['user' => $user], 'app', '123'); - $response = $response->toResponse($request); - $page = $response->getData(); - - $this->assertSame( - '/proxy-prefix/app-base-url/user/123', - $page->url - ); - } } From 1948dc3714b224ae05e0b99e5422242b5471b2d9 Mon Sep 17 00:00:00 2001 From: basteln3rk Date: Wed, 6 Dec 2023 18:35:59 +0000 Subject: [PATCH 5/5] make explicit that we are removing scheme and host from the full request URL --- src/Response.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Response.php b/src/Response.php index a9fdeb09..9c7e2307 100644 --- a/src/Response.php +++ b/src/Response.php @@ -99,7 +99,7 @@ public function toResponse($request) $page = [ 'component' => $this->component, 'props' => $props, - 'url' => $request->getBaseUrl() . $request->getPathInfo() . ($request->getQueryString() ? '?' . $request->getQueryString() : ''), + 'url' => str_replace($request->getSchemeAndHttpHost(), '', $request->getUri()), 'version' => $this->version, ];