This package was created due to request()->ip() always returning 127.0.0.1 on Laravel Vapor. There are several fixes online that trust all proxy servers. These solutions may be suitable for basic applications, however, these changes will allow any user to send the X-FORWARDED-FOR header to spoof their originating IP address.
Due to the dynamic nature of Laravel Vapor, it becomes a challenge to set the trusted proxies for your Laravel application. If you rely on the IP address of the user being valid, then this package is for you!
Laravel 9.0 introduced changes to the default TrustedProxies middleware, and the fideloper/proxy package is no longer required, as the functionality is included with Laravel. I'm not actively using Vapor and am not sure whether this package is still required, but I have gone ahead and updated the requirements and pushed the v2.0 release, which drops support for earlier Laravel versions.
| Laravel | Package Version |
|---|---|
^9.0 and up |
^2.0 |
<= 9.0 |
^1.0 |
You can install the package via composer:
composer require ge-tracker/laravel-vapor-trusted-proxiesNext, you must edit your app\Http\Middleware\TrustProxies.php middleware and modify an import to use the middleware provided by this package:
<?php
namespace App\Http\Middleware;
use GeTracker\LaravelVaporTrustedProxies\Http\LaravelVaporTrustedProxies as Middleware;
use Illuminate\Http\Request;
class TrustProxies extends Middleware
{
...The package will then work out-of-the-box to dynamically fetch the proxy servers used by your current Vapor's deployment.
composer testPlease see CHANGELOG for more information what has changed recently.
Please see CONTRIBUTING for details.
If you discover any security related issues, please email [email protected] instead of using the issue tracker.
The MIT License (MIT). Please see License File for more information.