Checking trusted proxy provider is more complicated than it needs to be

Kirby

Well-known member
Affected version
2.2.12
\XF\Http\Request has public data to check if the request was received through a trusted provider (Google, Cloudflare) - but it does not remember if it was and method ipMatchesRanges is protected.

So if I need to check wether the request was received through a trusted provider (for example to decide if some request headers can be truested) I have to somewhat duplicate code and re-do checks that already had been done.

Could this be simplified a bit?

  • Move the code from \XF\Http\Request::ipMatchesRanges to a public static method in \XF\Util\Ip so it can be reused; keep the protected method for compatibility and just make it call the util method)
  • Remember if the request was received from a trusted provider and somehow make that information available to callers, eg. smth. like method isReceivedFromTrustedProvider(string $provider): bool
 
Back
Top Bottom