@@ -762,16 +762,86 @@ public function testIsSecure(): void
762762 $ this ->assertTrue ($ this ->request ->isSecure ());
763763 }
764764
765- public function testIsSecureFrontEnd (): void
766- {
767- $ this ->request ->appendHeader ('Front-End-Https ' , 'on ' );
768- $ this ->assertTrue ($ this ->request ->isSecure ());
765+ /**
766+ * @param array<string, string> $proxyIPs
767+ */
768+ #[DataProvider('provideIsSecureWithForwardedHeaders ' )]
769+ public function testIsSecureWithForwardedHeaders (
770+ string $ header ,
771+ string $ value ,
772+ string $ remoteAddr ,
773+ array $ proxyIPs ,
774+ bool $ expected ,
775+ ): void {
776+ service ('superglobals ' )->setServer ('REMOTE_ADDR ' , $ remoteAddr );
777+
778+ $ config = new App ();
779+ $ config ->proxyIPs = $ proxyIPs ;
780+
781+ $ request = $ this ->createRequest ($ config );
782+ $ request ->appendHeader ($ header , $ value );
783+
784+ $ this ->assertSame ($ expected , $ request ->isSecure ());
769785 }
770786
771- public function testIsSecureForwarded (): void
787+ /**
788+ * @return iterable<string, array{string, string, string, array<string, string>, bool}>
789+ */
790+ public static function provideIsSecureWithForwardedHeaders (): iterable
772791 {
773- $ this ->request ->appendHeader ('X-Forwarded-Proto ' , 'https ' );
774- $ this ->assertTrue ($ this ->request ->isSecure ());
792+ yield from [
793+ 'X-Forwarded-Proto trusted proxy IP ' => [
794+ 'X-Forwarded-Proto ' , 'https ' , '10.0.1.200 ' , ['10.0.1.200 ' => 'X-Forwarded-For ' ], true ,
795+ ],
796+ 'X-Forwarded-Proto no trusted proxies ' => [
797+ 'X-Forwarded-Proto ' , 'https ' , '10.0.1.200 ' , [], false ,
798+ ],
799+ 'X-Forwarded-Proto untrusted proxy IP ' => [
800+ 'X-Forwarded-Proto ' , 'https ' , '10.0.1.201 ' , ['10.0.1.200 ' => 'X-Forwarded-For ' ], false ,
801+ ],
802+ 'X-Forwarded-Proto trusted subnet ' => [
803+ 'X-Forwarded-Proto ' , 'https ' , '192.168.5.21 ' , ['192.168.5.0/24 ' => 'X-Forwarded-For ' ], true ,
804+ ],
805+ 'X-Forwarded-Proto out of trusted subnet ' => [
806+ 'X-Forwarded-Proto ' , 'https ' , '192.168.6.21 ' , ['192.168.5.0/24 ' => 'X-Forwarded-For ' ], false ,
807+ ],
808+ 'X-Forwarded-Proto trusted IPv6 subnet ' => [
809+ 'X-Forwarded-Proto ' , 'https ' , '2001:db8::5 ' , ['2001:db8::/32 ' => 'X-Forwarded-For ' ], true ,
810+ ],
811+ 'X-Forwarded-Proto out of trusted IPv6 subnet ' => [
812+ 'X-Forwarded-Proto ' , 'https ' , '2001:db9::5 ' , ['2001:db8::/32 ' => 'X-Forwarded-For ' ], false ,
813+ ],
814+ 'X-Forwarded-Proto trusted proxy but http ' => [
815+ 'X-Forwarded-Proto ' , 'http ' , '10.0.1.200 ' , ['10.0.1.200 ' => 'X-Forwarded-For ' ], false ,
816+ ],
817+ 'Front-End-Https trusted proxy IP ' => [
818+ 'Front-End-Https ' , 'on ' , '10.0.1.200 ' , ['10.0.1.200 ' => 'X-Forwarded-For ' ], true ,
819+ ],
820+ 'Front-End-Https no trusted proxies ' => [
821+ 'Front-End-Https ' , 'on ' , '10.0.1.200 ' , [], false ,
822+ ],
823+ 'Front-End-Https trusted proxy but off ' => [
824+ 'Front-End-Https ' , 'off ' , '10.0.1.200 ' , ['10.0.1.200 ' => 'X-Forwarded-For ' ], false ,
825+ ],
826+ 'invalid proxy IP string ' => [
827+ 'X-Forwarded-Proto ' , 'https ' , '10.0.1.200 ' , ['not an ip ' => 'X-Forwarded-For ' ], false ,
828+ ],
829+ 'invalid proxy CIDR mask ' => [
830+ 'X-Forwarded-Proto ' , 'https ' , '192.168.5.21 ' , ['192.168.5.0/foo ' => 'X-Forwarded-For ' ], false ,
831+ ],
832+ 'empty proxy CIDR mask ' => [
833+ 'X-Forwarded-Proto ' , 'https ' , '192.168.5.21 ' , ['192.168.5.0/ ' => 'X-Forwarded-For ' ], false ,
834+ ],
835+ 'negative proxy CIDR mask ' => [
836+ 'X-Forwarded-Proto ' , 'https ' , '192.168.5.21 ' , ['192.168.5.0/-1 ' => 'X-Forwarded-For ' ], false ,
837+ ],
838+ 'out of range IPv4 proxy CIDR mask ' => [
839+ 'X-Forwarded-Proto ' , 'https ' , '192.168.5.21 ' , ['192.168.5.0/33 ' => 'X-Forwarded-For ' ], false ,
840+ ],
841+ 'out of range IPv6 proxy CIDR mask ' => [
842+ 'X-Forwarded-Proto ' , 'https ' , '2001:db8::5 ' , ['2001:db8::/129 ' => 'X-Forwarded-For ' ], false ,
843+ ],
844+ ];
775845 }
776846
777847 public function testUserAgent (): void
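Review bot: The provider in provideIsSecureWithForwardedHeaders has no case where REMOTE_ADDR is empty or missing while proxyIPs is populated, which is the input shape an attacker-controlled X-Forwarded-Proto would take if the address match were ever bypassed; add a negative case next to the existing ones, e.g. `'empty REMOTE_ADDR with trusted proxy' => ['X-Forwarded-Proto', 'https', '', ['10.0.1.200' => 'X-Forwarded-For'], false],`, and consider a mixed-family case (an IPv4-mapped IPv6 REMOTE_ADDR against an IPv4-only proxy list) pinning whichever result the implementation is meant to give. The test also writes REMOTE_ADDR through `service('superglobals')->setServer(...)` and never restores it, so unless setUp() re-creates that service (not visible here) the value from the last provider case leaks into testUserAgent and later tests. The docblock documents only `$proxyIPs`; listing the other four parameters, or stating the provider's value order once, would make the table easier to extend safely. testUserAgent begins on the last line of the hunk and continues outside it.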