Checking trusted proxy provider is more complicated than it needs to be

K

Kirby

Well-known member
Affected version
2.2.12
\XF\Http\Request has public data to check if the request was received through a trusted provider (Google, Cloudflare) - but it does not remember if it was and method ipMatchesRanges is protected.

So if I need to check wether the request was received through a trusted provider (for example to decide if some request headers can be truested) I have to somewhat duplicate code and re-do checks that already had been done.

Could this be simplified a bit?

  • Move the code from \XF\Http\Request::ipMatchesRanges to a public static method in \XF\Util\Ip so it can be reused; keep the protected method for compatibility and just make it call the util method)
  • Remember if the request was received from a trusted provider and somehow make that information available to callers, eg. smth. like method isReceivedFromTrustedProvider(string $provider): bool
 

Similar threads

mattrogowski
  • Suggestion Suggestion
Make it easier to define global forum filters
Replies
3
Views
297
mattrogowski
mattrogowski
digitalpoint
  • Suggestion Suggestion
Add geo columns to xf_ip
Replies
7
Views
835
ekool
ekool
X
XF web upgrade exposes half-upgraded state to caching layer
Replies
0
Views
156
Xon
X
K
Passing more extraParams to user spam checker from registration service requires overwriting whole method
Replies
2
Views
412
Kirby
K
yodiceman
Duplicate Unfurl error due to apostrophe in internal link
Replies
1
Views
535
Jeremy P
Jeremy P
Top Bottom