brefphp · Nyholm · Mar 11, 2020 · Mar 11, 2020
diff --git a/Symfony/assets/public/index.php b/Symfony/assets/public/index.php
@@ -20,12 +20,14 @@
     Request::setTrustedHosts([$trustedHosts]);
 }
 
+// Get user IP:
+if (isset($_SERVER['LAMBDA_CONTEXT'])) {
+    $context = json_decode($_SERVER['LAMBDA_CONTEXT'], true);
+    $_SERVER['HTTP_X_FORWARDED_FOR'] = $context['identity']['sourceIp'] ?? '';
+}
+
 $kernel = new Kernel($_SERVER['APP_ENV'], (bool) $_SERVER['APP_DEBUG']);
 $request = Request::createFromGlobals();
-
-// Trust all headers for everyone. This is extremely dangerous. But it fine if the code runs on Lambda thanks to AWs security.
-Request::setTrustedProxies(['127.0.0.1', $request->server->get('REMOTE_ADDR')], Request::HEADER_X_FORWARDED_ALL);
-
 $response = $kernel->handle($request);
 $response->send();
 $kernel->terminate($request, $response);
diff --git a/Symfony/assets/serverless.yml b/Symfony/assets/serverless.yml
@@ -9,6 +9,7 @@ provider:
     runtime: provided
     environment:
         APP_ENV: prod
+        TRUSTED_PROXIES: '127.0.0.1'
         APP_SECRET: 7ca3adc3815e12d67b4637595b7f9dff
         MESSENGER_TRANSPORT_DSN: https://sqs.us-east-1.amazonaws.com/403367587399/foobar
 

diff --git a/Symfony/binary/public/index.php b/Symfony/binary/public/index.php
@@ -20,12 +20,14 @@
     Request::setTrustedHosts([$trustedHosts]);
 }
 
+// Get user IP:
+if (isset($_SERVER['LAMBDA_CONTEXT'])) {
+    $context = json_decode($_SERVER['LAMBDA_CONTEXT'], true);
+    $_SERVER['HTTP_X_FORWARDED_FOR'] = $context['identity']['sourceIp'] ?? '';
+}
+
 $kernel = new Kernel($_SERVER['APP_ENV'], (bool) $_SERVER['APP_DEBUG']);
 $request = Request::createFromGlobals();
-
-// Trust all headers for everyone. This is extremely dangerous. But it fine if the code runs on Lambda thanks to AWs security.
-Request::setTrustedProxies(['127.0.0.1', $request->server->get('REMOTE_ADDR')], Request::HEADER_X_FORWARDED_ALL);
-
 $response = $kernel->handle($request);
 $response->send();
 $kernel->terminate($request, $response);
diff --git a/Symfony/binary/serverless.yml b/Symfony/binary/serverless.yml
@@ -13,6 +13,7 @@ provider:
 
     environment:
         APP_ENV: prod
+        TRUSTED_PROXIES: '127.0.0.1'
         APP_SECRET: 7ca3adc3815e12d67b4637595b7f9dff
         MY_BUCKET: 'bref-example'
         BREF_BINARY_RESPONSES: 1

diff --git a/Symfony/sqs/public/index.php b/Symfony/sqs/public/index.php
@@ -20,12 +20,14 @@
     Request::setTrustedHosts([$trustedHosts]);
 }
 
+// Get user IP:
+if (isset($_SERVER['LAMBDA_CONTEXT'])) {
+    $context = json_decode($_SERVER['LAMBDA_CONTEXT'], true);
+    $_SERVER['HTTP_X_FORWARDED_FOR'] = $context['identity']['sourceIp'] ?? '';
+}
+
 $kernel = new Kernel($_SERVER['APP_ENV'], (bool) $_SERVER['APP_DEBUG']);
 $request = Request::createFromGlobals();
-
-// Trust all headers for everyone. This is extremely dangerous. But it fine if the code runs on Lambda thanks to AWs security.
-Request::setTrustedProxies(['127.0.0.1', $request->server->get('REMOTE_ADDR')], Request::HEADER_X_FORWARDED_ALL);
-
 $response = $kernel->handle($request);
 $response->send();
 $kernel->terminate($request, $response);
diff --git a/Symfony/sqs/serverless.yml b/Symfony/sqs/serverless.yml
@@ -9,6 +9,7 @@ provider:
     runtime: provided
     environment:
         APP_ENV: prod
+        TRUSTED_PROXIES: '127.0.0.1'
         APP_SECRET: 7ca3adc3815e12d67b4637595b7f9dff
         MESSENGER_TRANSPORT_DSN: https://sqs.us-east-1.amazonaws.com/403367587399/foobar