From bef107c9b0327c3ab05419ff85b952e88a96c21e Mon Sep 17 00:00:00 2001
From: clfreville2 <clement.freville2@etu.uca.fr>
Date: Fri, 7 Jun 2024 20:02:24 +0200
Subject: [PATCH] Trust CodeFirst reverse proxy

---
 .drone.yml                     | 1 +
 config/packages/framework.yaml | 2 +-
 config/services.yaml           | 2 ++
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/.drone.yml b/.drone.yml
index ddd4266..b49eedd 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -61,6 +61,7 @@ steps:
       CODEFIRST_CLIENTDRONE_ENV_SERVER_NAME: http://codefirst.iut.uca.fr
       CODEFIRST_CLIENTDRONE_ENV_CORS_ALLOW_ORIGIN: https://codefirst.iut.uca.fr
       CODEFIRST_CLIENTDRONE_ENV_ASSETS_BASE_PATH: /containers/clementfreville2-herbarium
+      CODEFIRST_CLIENTDRONE_ENV_TRUSTED_PROXIES: REMOTE_ADDR
     depends_on:
       - docker-image
     when:
diff --git a/config/packages/framework.yaml b/config/packages/framework.yaml
index 1616202..5fb74f9 100644
--- a/config/packages/framework.yaml
+++ b/config/packages/framework.yaml
@@ -5,7 +5,7 @@ framework:
 
     assets:
         base_path: '%env(ASSETS_BASE_PATH)%'
-    trusted_proxies: '127.0.0.1,private_ranges'
+    trusted_proxies: '%env(TRUSTED_PROXIES)%'
     trusted_headers: ['x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port', 'x-forwarded-prefix']
 
     # Note that the session will be started ONLY if you read or write from it.
diff --git a/config/services.yaml b/config/services.yaml
index 2021197..223b4e5 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -4,6 +4,8 @@
 # Put parameters here that don't need to change on each machine where the app is deployed
 # https://symfony.com/doc/current/best_practices.html#use-parameters-for-application-configuration
 parameters:
+    trusted_proxies: '%env(TRUSTED_PROXIES)%'
+    env(TRUSTED_PROXIES): 127.0.0.1
 
 services:
     # default configuration for services in *this* file