Unclear usage of trusted proxies and incomplete implementation

Question

Unclear usage of trusted proxies and incomplete implementation

mayrstefan opened this issue 2 years ago · 1 comments

mayrstefan commented 2 years ago

BUG REPORT INFORMATION

Prerequisites

Versions

Current develop branch on Github

Description

There is some code to support trusted proxies with X-Forwarded-*-Headers:
https://github.com/centreon/centreon/blob/b5b67910be42a25867b884896d640737fb8a07e4/api/index.php#L34-L36

Describe the received result

There is no documentation how this is expexted to be used. This code exists only for the Centreon API. Support for trusted proxies seems to be missing for the Centreon UI and CLAPI code. Those are without symfony and $_SERVER variables are directly accessed.

Describe the expected result

There should be a documentation on how to set TRUSTED_PROXIES in Apache httpd configuration and that should also be supported in the UI and CLAPI code paths.

Answer 1 · 2022-08-14T21:01:25.000Z

Is there a plan to start using Symfony in the Centreon UI too? If yes one could move https://github.com/centreon/centreon/blob/b5b67910be42a25867b884896d640737fb8a07e4/api/index.php#L22-L46 into bootstrap.php and we could start pull requests to remove the usage of some $_SERVER variables (REQUEST_SCHEME, SERVER_PORT, ...) by their Symfony equivalents.