From 30cef56fca5afad5ab738bbe5df61caba16a0199 Mon Sep 17 00:00:00 2001
From: Alexey Skobkin <skobkin-ru@ya.ru>
Date: Mon, 11 Jul 2022 00:46:06 +0300
Subject: [PATCH] Adding framework.trusted_proxies configuration to be able to
 properly function behind Nginx and RoadRunner.

---
 .env                           | 4 ++++
 config/packages/framework.yaml | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/.env b/.env
index 06386d7..8a0b331 100644
--- a/.env
+++ b/.env
@@ -42,3 +42,7 @@ MAILER_FROM=no-reply@magnetico-web.tld
 EWZ_RECAPTCHA_SITE_KEY=
 EWZ_RECAPTCHA_SECRET=
 ###< excelwebzone/recaptcha-bundle ###
+
+# Run this app only behind reverse-proxy if this is set!
+# https://symfony.com/doc/5.4/deployment/proxies.html#but-what-if-the-ip-of-my-reverse-proxy-changes-constantly
+TRUSTED_PROXIES=127.0.0.1
diff --git a/config/packages/framework.yaml b/config/packages/framework.yaml
index 7853e9e..968d6e0 100644
--- a/config/packages/framework.yaml
+++ b/config/packages/framework.yaml
@@ -4,6 +4,9 @@ framework:
     #csrf_protection: true
     http_method_override: false
 
+    # https://symfony.com/doc/5.4/deployment/proxies.html#but-what-if-the-ip-of-my-reverse-proxy-changes-constantly
+    trusted_proxies: '%env(TRUSTED_PROXIES)%'
+
     # Enables session support. Note that the session will ONLY be started if you read or write from it.
     # Remove or comment this section to explicitly disable session support.
     session: