Client IP is set too late to use in access controls.

Created on 16 June 2022, almost 3 years ago
Updated 7 July 2023, almost 2 years ago

Problem/Motivation

There are circumstances when client IPs need to be used in an access control method. The current priority value causes ReverseProxyHeaderClientIpRestore::onRequest to run after both Symfony\Component\HttpKernel\EventListener\RouterListener::onKernelRequest and Drupal\Core\EventSubscriber\AuthenticationSubscriber::getSubscribedEvents.

Steps to reproduce

  • Create an implementation of hook_ENTITY_TYPE_access() and set a breakpoint or diagnostic statement in the function
  • Set another breakpoint or diagnostic statement in if (!$reverse_proxy_header_name) in ReverseProxyHeaderClientIpRestore::onRequest

Observe that the hook_ENTITY_TYPE_access() implementation runs before this module can set the client IP.

Proposed resolution

Increase the priority of the event response so that it precedes these other event responses. AuthenticationSubscriber runs at priority 300.

Remaining tasks

None.

User interface changes

None.

API changes

None.

Data model changes

None.

πŸ› Bug report
Status

Fixed

Version

1.0

Component

Code

Created by

🇺🇸 United States fathershawn New York
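
The ordering problem reported above, as an added example that is not code from the module or from Drupal: a simplified model of kernel.request dispatch in which higher-priority listeners run first, showing which address an access check sees depending on the restore listener's priority. The header name X-Real-IP, the priorities 0 and 301, and the sample addresses are assumptions made for the illustration.

```php
<?php
// Simplified model of kernel.request dispatch: listeners with a higher
// priority run first. Hypothetical code, not the module's or Drupal's own.

function dispatch(array $listeners, array $request): array {
  // Sort by priority, highest first, as the Symfony event dispatcher does.
  usort($listeners, fn($a, $b) => $b['priority'] <=> $a['priority']);
  foreach ($listeners as $listener) {
    $request = $listener['callback']($request);
  }
  return $request;
}

// Restores the client IP from a proxy header (header name is an assumption).
$restoreClientIp = function (array $request): array {
  if (!empty($request['headers']['X-Real-IP'])) {
    $request['client_ip'] = $request['headers']['X-Real-IP'];
  }
  return $request;
};

// Stands in for authentication and access checks that read the client IP.
$accessCheck = function (array $request): array {
  $request['ip_seen_by_access_check'] = $request['client_ip'];
  return $request;
};

// Constructed sample request: the peer address is the proxy, the header
// carries the real client address.
$request = [
  'client_ip' => '10.0.0.5',
  'headers' => ['X-Real-IP' => '203.0.113.7'],
];

// 0 is an assumed "too low" priority; 301 is an assumed value above the
// 300 that the issue gives for AuthenticationSubscriber.
foreach ([0, 301] as $restorePriority) {
  $listeners = [
    ['priority' => $restorePriority, 'callback' => $restoreClientIp],
    ['priority' => 300, 'callback' => $accessCheck],
  ];
  $result = dispatch($listeners, $request);
  printf("restore priority %3d: access check saw %s\n",
    $restorePriority, $result['ip_seen_by_access_check']);
}
```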
