From 5c1530267d0c844de0f97f647de2ff4d3fcae9f9 Mon Sep 17 00:00:00 2001
From: Chris Morrell
Date: Wed, 26 Jul 2023 10:58:02 -0400
Subject: [PATCH 1/2] Update trust proxies to rely on configuration if set

---
 src/Illuminate/Http/Middleware/TrustProxies.php | 4 ++++
 tests/Http/Middleware/TrustProxiesTest.php | 7 +++----
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/Illuminate/Http/Middleware/TrustProxies.php b/src/Illuminate/Http/Middleware/TrustProxies.php
index faf5daf8db3c..1c1d92c55626 100644
--- a/src/Illuminate/Http/Middleware/TrustProxies.php
+++ b/src/Illuminate/Http/Middleware/TrustProxies.php
@@ -92,6 +92,10 @@ protected function setTrustedProxyIpAddressesToTheCallingIp(Request $request)
 */
 protected function getTrustedHeaderNames()
 {
+ if (is_int($this->headers)) {
+ return $this->headers;
+ }
+
 return match ($this->headers) {
 'HEADER_X_FORWARDED_AWS_ELB', Request::HEADER_X_FORWARDED_AWS_ELB => Request::HEADER_X_FORWARDED_AWS_ELB,
 'HEADER_FORWARDED', Request::HEADER_FORWARDED => Request::HEADER_FORWARDED,
diff --git a/tests/Http/Middleware/TrustProxiesTest.php b/tests/Http/Middleware/TrustProxiesTest.php
index 67be684a73f3..3aa515a4f9a8 100644
--- a/tests/Http/Middleware/TrustProxiesTest.php
+++ b/tests/Http/Middleware/TrustProxiesTest.php
@@ -301,8 +301,7 @@ public function test_x_forwarded_multiple_individual_headers_trusted()
 {
 $trustedProxy = $this->createTrustedProxy(
 Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST |
- Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PREFIX |
- Request::HEADER_X_FORWARDED_PROTO,
+ Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO,
 '*'
 );
 
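Review bot: The new `is_int` short-circuit at the top of `getTrustedHeaderNames()` carries no comment, and the reason it is needed is not obvious from the code: `match` compares with `===`, so an integer bitmask could never hit the string arms and previously fell through to the `default` arm. Suggest `// An int is already a Symfony header bitmask; only string config names need mapping below.` directly above the `if`. The integer is returned unchecked, so nothing confirms it is composed of `Request::HEADER_*` bits; if a malformed value is a concern for this middleware, masking against the full bitmask or rejecting unknown bits would catch it, but that is a judgement call for the maintainers. The method's docblock ends just above this hunk; if it declares a type for `$this->headers`, it should now admit `int` as well.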
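Review bot: Dropping `Request::HEADER_X_FORWARDED_PREFIX` from the bitmask in `test_x_forwarded_multiple_individual_headers_trusted`, together with the assertion in the next hunk of this file now expecting `''` for `getBaseUrl()`, means this test no longer shows that an individually configured PREFIX header is honoured; it only shows that an unconfigured one is ignored. Unless another test already covers the positive case, keeping both would be more informative: one call with PREFIX in the mask asserting `'/prefix'`, and one without asserting `''` as done here. The test method continues past the end of this hunk.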
@@ -316,7 +315,7 @@ public function test_x_forwarded_multiple_individual_headers_trusted()
 $this->assertSame('serversforhackers.com', $request->getHost(), 'Assert trusted proxy used forwarded header for host');
 $this->assertEquals(443, $request->getPort(), 'Assert trusted proxy used forwarded header for port');
- $this->assertSame('/prefix', $request->getBaseUrl(), 'Assert trusted proxy used forwarded header for prefix');
+ $this->assertSame('', $request->getBaseUrl(), 'Assert trusted proxy did not use forwarded header for prefix');
 });
 }
 
@@ -362,7 +361,7 @@ public function test_is_reading_text_based_configurations()
 * Fake an HTTP request by generating a Symfony Request object.
 *
 * @param array $serverOverrides
- * @return \Symfony\Component\HttpFoundation\Request
+ * @return \Illuminate\Http\Request
 */
 protected function createProxiedRequest($serverOverrides = [])
 {

From 09bb875f79027215ad7ee5d67b4f7e5056c5de67 Mon Sep 17 00:00:00 2001
From: Chris Morrell
Date: Wed, 26 Jul 2023 11:10:04 -0400
Subject: [PATCH 2/2] Remove constants from match statement since they'll never match

---
 src/Illuminate/Http/Middleware/TrustProxies.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/Illuminate/Http/Middleware/TrustProxies.php b/src/Illuminate/Http/Middleware/TrustProxies.php
index 1c1d92c55626..81906c1f1951 100644
--- a/src/Illuminate/Http/Middleware/TrustProxies.php
+++ b/src/Illuminate/Http/Middleware/TrustProxies.php
@@ -97,13 +97,13 @@ protected function getTrustedHeaderNames()
 }
 
 return match ($this->headers) {
- 'HEADER_X_FORWARDED_AWS_ELB', Request::HEADER_X_FORWARDED_AWS_ELB => Request::HEADER_X_FORWARDED_AWS_ELB,
- 'HEADER_FORWARDED', Request::HEADER_FORWARDED => Request::HEADER_FORWARDED,
- 'HEADER_X_FORWARDED_FOR', Request::HEADER_X_FORWARDED_FOR => Request::HEADER_X_FORWARDED_FOR,
- 'HEADER_X_FORWARDED_HOST', Request::HEADER_X_FORWARDED_HOST => Request::HEADER_X_FORWARDED_HOST,
- 'HEADER_X_FORWARDED_PORT', Request::HEADER_X_FORWARDED_PORT => Request::HEADER_X_FORWARDED_PORT,
- 'HEADER_X_FORWARDED_PROTO', Request::HEADER_X_FORWARDED_PROTO => Request::HEADER_X_FORWARDED_PROTO,
- 'HEADER_X_FORWARDED_PREFIX', Request::HEADER_X_FORWARDED_PREFIX => Request::HEADER_X_FORWARDED_PREFIX,
+ 'HEADER_X_FORWARDED_AWS_ELB' => Request::HEADER_X_FORWARDED_AWS_ELB,
+ 'HEADER_FORWARDED' => Request::HEADER_FORWARDED,
+ 'HEADER_X_FORWARDED_FOR' => Request::HEADER_X_FORWARDED_FOR,
+ 'HEADER_X_FORWARDED_HOST' => Request::HEADER_X_FORWARDED_HOST,
+ 'HEADER_X_FORWARDED_PORT' => Request::HEADER_X_FORWARDED_PORT,
+ 'HEADER_X_FORWARDED_PROTO' => Request::HEADER_X_FORWARDED_PROTO,
+ 'HEADER_X_FORWARDED_PREFIX' => Request::HEADER_X_FORWARDED_PREFIX,
 default => Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO | Request::HEADER_X_FORWARDED_PREFIX | Request::HEADER_X_FORWARDED_AWS_ELB,
 };
 }
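Review bot: With integers now returned before the `match`, the `default` arm is reached only by `null` or by a string that is none of the seven names above, and it answers with the widest trust set in the file (FOR|HOST|PORT|PROTO|PREFIX|AWS_ELB); a mistyped header name in configuration therefore silently trusts every forwarded header instead of failing. If that fallback is intended for `null` only, a narrower shape would be `null => Request::HEADER_X_FORWARDED_FOR | ... | Request::HEADER_X_FORWARDED_AWS_ELB,` followed by `default => throw new \InvalidArgumentException("Unknown trusted header name [{$this->headers}]."),` so a typo is caught at request time rather than widening trust. If the lenient fallback is deliberate, a one-line comment on the `default` arm stating that unrecognised names trust all forwarded headers would at least make the behaviour visible to whoever edits the config. The start of `getTrustedHeaderNames()` lies outside this hunk.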