Details
-
Bug
-
Resolution: Obsolete
-
Medium
-
None
-
5.2, 5.3-dev
-
None
Description
eZ Publish documentation at https://confluence.ez.no/display/EZP52/Virtual+host+setup specifies that trusted_proxies may be set using hostname:
# Defines the proxies to trust. # Separate entries by a comma # Example: "proxy1.example.com,proxy2.example.org" # By default, no trusted proxies are set #SetEnv TRUSTED_PROXIES "127.0.0.1"
However, symfony's FragmentListener seems to expect IP addresses to be used - if hostnames are used, fragment sub-requests will not be considered secure (and will fallback to checking the hash signature).
Steps to reproduce:
(an address other than 127.0.0.1 must be used to perform the request)
Using IP address:
1. configure TRUSTED_PROXIES variable with the proxy server/client IP.
2. restart apache if needed.
3. From this IP, access http://ezpublish52.local/_fragment?_path=_format%3Dhtml%26_locale%3Den_GB%26_controller%3DeZDemoBundle%253ADemo%253AuserLinks
4. Verify that the fragment is generated/output correctly.
Using hostname:
1. modify TRUSTED_PROXIES to use a hostname instead.
2. restart apache if needed.
3. access the url above
4. The result status should now be "500 Internal Server Error"