From 12eda32a1eefb238b2e0092e3f73c95626426ff9 Mon Sep 17 00:00:00 2001
From: David Beniamine <david.beniamine@tetras-libre.fr>
Date: Wed, 26 Apr 2023 23:14:50 +0200
Subject: [PATCH] Make sure that symfony handles the x-forwarded headers

---
 config/packages/framework.yaml | 2 ++
 traefik.yml                    | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/config/packages/framework.yaml b/config/packages/framework.yaml
index 07b9ab3..39c4844 100644
--- a/config/packages/framework.yaml
+++ b/config/packages/framework.yaml
@@ -3,6 +3,8 @@ framework:
     secret: '%env(APP_SECRET)%'
     #csrf_protection: true
     http_method_override: false
+    trusted_proxies: '127.0.0.1,REMOTE_ADDR'
+    trusted_headers: ['x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port']
 
     # Enables session support. Note that the session will ONLY be started if you read or write from it.
     # Remove or comment this section to explicitly disable session support.
diff --git a/traefik.yml b/traefik.yml
index 9f450b6..fc5ff42 100644
--- a/traefik.yml
+++ b/traefik.yml
@@ -12,7 +12,7 @@ services:
       - "traefik.http.routers.${NAME}.rule=Host(${HOST})"
       - "traefik.http.routers.${NAME}.tls.certresolver=myresolver"
       - "traefik.http.routers.${NAME}.entrypoints=web,websecure"
-      - "traefik.http.routers.${NAME}.middlewares=hardening@docker"
+      - "traefik.http.routers.${NAME}.middlewares=hardening@docker,xforwardedproto@docker,xforwardedport@docker"
 
 
 networks:
-- 
GitLab