-
Notifications
You must be signed in to change notification settings - Fork 0
/
trusted_reverse_proxy.module
47 lines (42 loc) · 2.68 KB
/
trusted_reverse_proxy.module
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
<?php
/**
* @file
* Hooks and other functional code for Trusted Reverse Proxy module.
*/
declare(strict_types=1);
use Drupal\Core\StringTranslation\TranslatableMarkup;
use Drupal\system\Element\StatusReportPage;
/**
* Implements hook_preprocess_HOOK().
*/
function trusted_reverse_proxy_preprocess_status_report_page(&$variables) {
// Make sure this is the Status report page.
if (\Drupal::routeMatch()->getRouteName() !== 'system.status') {
return;
}
$container = \Drupal::getContainer();
$severity = $container->getParameter('trusted_reverse_proxy');
$originalSeverity = $variables['requirements']['#requirements']['trusted_host_patterns']['severity'];
if ($originalSeverity !== $severity['severity']) {
$variables['requirements']['#requirements']['trusted_host_patterns']['severity'] = $severity['severity'];
// Mock an element for rendering to retrieve the counters.
// The code generating the status page operates without meaningful value
// objects and no real hooks to manipulate the values at this stage.
// @see https://www.drupal.org/project/drupal/issues/309040
$fakeElement = [
'#requirements' => $variables['requirements']['#requirements'],
];
$variables['counters'] = StatusReportPage::preRenderCounters($fakeElement)['#counters'];
}
/** @var \Drupal\Core\Site\Settings $settings */
$settings = \Drupal::service('settings');
$reverseProxyConfigured = $settings->get('reverse_proxy', FALSE) && count($settings->get('reverse_proxy_addresses', []));
if ($reverseProxyConfigured && !empty($variables['requirements']['#requirements']['trusted_host_patterns']) && $variables['requirements']['#requirements']['trusted_host_patterns']['severity'] === REQUIREMENT_ERROR) {
$variables['requirements']['#requirements']['trusted_host_patterns']['description'] = new TranslatableMarkup(
'The trusted_host_patterns setting is not configured in <code>settings.php</code>.<br />
<strong>The Trusted Reverse Proxy module is installed and will trust reverse proxies it detects</strong> (or those explicitly configured). Therefore, not having trusted host patterns set is not necessarily a security risk <em>if you trust your upstream network path</em>.<br />
<a href="https://www.drupal.org/docs/8/install/trusted-host-settings">Read more about this setting</a> and disable the <code>trusted_reverse_proxy</code> module if you are not behind a trusted proxy or this message is unfamiliar to you.<br />
Reverse proxies such as CloudFlare that perform backend requests over the public Internet should be configured to use "authenticated origin pulls" to ensure integrity of the <code>x-forwarded-for</code> header this site receives.'
);
}
}