This repository has been archived by the owner on Dec 13, 2022. It is now read-only.
Unclear usage of trusted proxies and incomplete implementation #11585
Labels
status/new
New tickets
Comments
|
Is there a plan to start using Symfony in the Centreon UI too? If yes one could move https://github.com/centreon/centreon/blob/b5b67910be42a25867b884896d640737fb8a07e4/api/index.php#L22-L46 into bootstrap.php and we could start pull requests to remove the usage of some $_SERVER variables (REQUEST_SCHEME, SERVER_PORT, ...) by their Symfony equivalents. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
BUG REPORT INFORMATION
Prerequisites
Versions
Current develop branch on Github
Description
There is some code to support trusted proxies with X-Forwarded-*-Headers:
https://github.com/centreon/centreon/blob/b5b67910be42a25867b884896d640737fb8a07e4/api/index.php#L34-L36
Describe the received result
There is no documentation how this is expexted to be used. This code exists only for the Centreon API. Support for trusted proxies seems to be missing for the Centreon UI and CLAPI code. Those are without symfony and $_SERVER variables are directly accessed.
Describe the expected result
There should be a documentation on how to set TRUSTED_PROXIES in Apache httpd configuration and that should also be supported in the UI and CLAPI code paths.
The text was updated successfully, but these errors were encountered: