IBX-11181: Trusted Proxies is not set on Ibexa Cloud

vidarl · vidarl · commit b1a199d5aae6 · 2026-01-14T15:36:34.000+01:00
diff --git a/src/bundle/Core/EventSubscriber/TrustedHeaderClientIpEventSubscriber.php b/src/bundle/Core/EventSubscriber/TrustedHeaderClientIpEventSubscriber.php
@@ -15,16 +15,6 @@
 
 final class TrustedHeaderClientIpEventSubscriber implements EventSubscriberInterface
 {
-    private const PLATFORM_SH_TRUSTED_HEADER_CLIENT_IP = 'X-Client-IP';
-
-    private ?string $trustedHeaderName;
-
-    public function __construct(
-        ?string $trustedHeaderName
-    ) {
-        $this->trustedHeaderName = $trustedHeaderName;
-    }
-
     public static function getSubscribedEvents(): array
     {
         return [
@@ -36,28 +26,9 @@ public function onKernelRequest(RequestEvent $event): void
     {
         $request = $event->getRequest();
 
-        $trustedProxies = Request::getTrustedProxies();
-        $trustedHeaderSet = Request::getTrustedHeaderSet();
-
-        $trustedHeaderName = $this->trustedHeaderName;
-        if (null === $trustedHeaderName && $this->isPlatformShProxy($request)) {
-            $trustedHeaderName = self::PLATFORM_SH_TRUSTED_HEADER_CLIENT_IP;
+        if ($this->isPlatformShProxy($request) && $request->headers->get('Client-Cdn') === 'fastly') {
+            Request::setTrustedProxies(['REMOTE_ADDR'], Request::getTrustedHeaderSet());
         }
-
-        if (null === $trustedHeaderName) {
-            return;
-        }
-
-        $trustedClientIp = $request->headers->get($trustedHeaderName);
-
-        if (null !== $trustedClientIp) {
-            if ($trustedHeaderSet !== -1) {
-                $trustedHeaderSet |= Request::HEADER_X_FORWARDED_FOR;
-            }
-            $request->headers->set('X_FORWARDED_FOR', $trustedClientIp);
-        }
-
-        Request::setTrustedProxies($trustedProxies, $trustedHeaderSet);
     }
 
     private function isPlatformShProxy(Request $request): bool
diff --git a/src/bundle/Core/Resources/config/services.yml b/src/bundle/Core/Resources/config/services.yml
@@ -312,8 +312,6 @@ services:
             $cache: '@ibexa.cache_pool'
 
     Ibexa\Bundle\Core\EventSubscriber\TrustedHeaderClientIpEventSubscriber:
-        arguments:
-            $trustedHeaderName: '%ibexa.trusted_header_client_ip_name%'
         tags:
             - {name: kernel.event_subscriber}
 
