Stop the trusted-proxy chain walk at unparsable hops #108

Merged: sascha-egerer merged 2 commits into main from bugfix/trusted-proxy-unparsable-hop, Jul 2, 2026
@sascha-egerer

No description provided.

Copilot AI left a comment

Pull request overview

This PR tightens TrustedProxyResolver’s proxy-header trust model by making the right-to-left chain walk stop and fall back to REMOTE_ADDR as soon as it encounters an unparsable hop, and updates unit tests + changelog to reflect the new semantics.

Changes:

  • Treat an unparsable hop in the forwarded chain as terminal (stop walking; fall back to the direct peer).
  • Update/add unit tests to assert terminal behavior for XFF and Forwarded chains.
  • Document the behavioral change as a security fix in the changelog.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| tests/Unit/TrustedProxyTest.php | Updates tests to cover terminal behavior for unparsable hops in XFF/Forwarded chains. |
| src/Http/TrustedProxyResolver.php | Changes resolver behavior to stop the chain walk at unparsable entries and fall back to REMOTE_ADDR. |
| CHANGELOG.md | Documents the terminal-unparsable-hop behavior as a security change. |

Comment thread src/Http/TrustedProxyResolver.php
Comment thread tests/Unit/TrustedProxyTest.php
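
The right-to-left walk with a terminal unparsable hop, as described in the review above, sketched for X-Forwarded-For only. This is an added example, not the project's TrustedProxyResolver code: the function names, the rule that only a bare IP counts as parsable, the all-trusted fallback, and the sample addresses are assumptions.

```php
<?php
// Added example, not the project's code. All function names are hypothetical.
function inCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin = filter_var($ip, FILTER_VALIDATE_IP) ? inet_pton($ip) : false;
    $netBin = filter_var($net, FILTER_VALIDATE_IP) ? inet_pton($net) : false;
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // invalid input or IPv4/IPv6 family mismatch
    }
    $max = strlen($ipBin) * 8;
    $bits = $bits === null ? $max : max(0, min($max, (int) $bits));
    $bytes = intdiv($bits, 8);
    if (substr($ipBin, 0, $bytes) !== substr($netBin, 0, $bytes)) {
        return false;
    }
    $mask = (0xFF << (8 - $bits % 8)) & 0xFF; // 0 when the prefix ends on a byte boundary
    return $mask === 0 || (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

function isTrusted(string $ip, array $cidrs): bool
{
    return (bool) array_filter($cidrs, fn (string $c): bool => inCidr($ip, $c));
}

function resolveClientIp(string $remoteAddr, string $xff, array $trustedCidrs): string
{
    // Forwarded headers count only when the direct peer is itself a trusted proxy.
    if (!isTrusted($remoteAddr, $trustedCidrs)) {
        return $remoteAddr;
    }
    foreach (array_reverse(explode(',', $xff)) as $hop) { // walk right to left
        $hop = trim($hop);
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $remoteAddr; // unparsable hop is terminal: nothing to its left is read
        }
        if (!isTrusted($hop, $trustedCidrs)) {
            return $hop; // first untrusted hop is taken as the client
        }
    }
    return $remoteAddr; // assumption: an all-trusted chain resolves to the direct peer
}

$trusted = ['10.0.0.0/8']; // constructed sample data, documentation address ranges
$chains = ['203.0.113.7, 10.0.0.5', '198.51.100.9, not-an-ip, 10.0.0.5'];
foreach ($chains as $xff) {
    printf("%-36s => %s\n", $xff, resolveClientIp('10.0.0.1', $xff, $trusted));
}
```

In the second chain the entry to the left of the unparsable hop is never consulted, so a value nobody in the trusted path vouched for cannot become the resolved client address.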

Copilot AI left a comment

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated no new comments.

@sascha-egerer sascha-egerer merged commit 981954d into main Jul 2, 2026
14 checks passed
@sascha-egerer sascha-egerer deleted the bugfix/trusted-proxy-unparsable-hop branch July 2, 2026 12:20
@sascha-egerer sascha-egerer restored the bugfix/trusted-proxy-unparsable-hop branch July 2, 2026 12:27
@sascha-egerer sascha-egerer deleted the bugfix/trusted-proxy-unparsable-hop branch July 2, 2026 12:28
@sascha-egerer sascha-egerer restored the bugfix/trusted-proxy-unparsable-hop branch July 2, 2026 12:29
@sascha-egerer sascha-egerer deleted the bugfix/trusted-proxy-unparsable-hop branch July 2, 2026 12:30