
Conflicting headers

  • I noticed that, when using Opera Mini to access a website, both "X-Forwarded-For" and "Forwarded" are sent. I assume you use a proxy to speed up websites, but to my knowledge, if a proxy natively uses the X-Forwarded-For header, it should not allow clients to send Forwarded headers (see http://symfony.com/doc/2.8/components/http_foundation/trusting_proxies.html).

    Any application using the Symfony framework (which means a lot) won't allow it, except if you ignore those headers (which seems bad). Is this behavior something you wanted (in which case, why?), or some proxy misconfiguration?

  • X-Forwarded-For and Forwarded headers serve the same purpose: to inform the web server about the IP of the original client. We add both of those headers on Opera Mini servers: Forwarded is the standard-compliant way, but it's new and a lot of sites may not use it yet, so we add X-Forwarded-For as well, which was commonly used for many years.

    The Symfony framework will not trust those headers by default, which means that if you are a web developer and you call the getClientIp() method, it will return the IP of the Opera Mini server, not your real IP given in the X-Forwarded-For or Forwarded header. But the page should load. The same would apply for all other proxies.

  • My websites, which are Symfony 2.8 based, will throw me a Symfony\Component\HttpFoundation\Exception\ConflictingHeadersException, which results in a 400 (bad request) response.

  • The exception will be thrown with those headers:
    Forwarded: for="10.10.10.10:13002"
    X-Forwarded-For: 10.10.10.10, 141.0.14.114

  • The actual problem is that the two headers are added with varying information:

    // Forwarded
    Array
    (
        [0] => 46.127.15.xxx
    )
    
    // X-Forwarded-For
    Array
    (
        [0] => 82.145.219.118
        [1] => 82.145.219.118
        [2] => 46.127.15.xxx
    )
    

    The Forwarded header is missing the IP chain, therefore Symfony throws the exception.
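
A simplified version of the check discussed in this thread, as an added Python example (not Symfony's or Opera's code): forwarding headers are honoured only when the connecting peer is a trusted proxy, and if both headers are present their chains must agree. The peer address, the trusted range and all function names are assumptions made for the illustration.

```python
import ipaddress
import re

class ConflictingHeaders(Exception):
    """Forwarded and X-Forwarded-For describe different proxy chains."""

# for= parameter of an RFC 7239 Forwarded element: quoted string or bare token
_FOR = re.compile(r'(?:^|[;,\s])for=(?:"([^"]*)"|([^;,\s]+))', re.I)

def _host(node):
    """Strip an optional port and IPv6 brackets from one hop."""
    node = node.strip()
    if node.startswith("[") and "]" in node:   # [2001:db8::1]:4711
        return node[1:node.index("]")]
    if node.count(":") == 1:                   # 10.10.10.10:13002
        return node.split(":")[0]
    return node

def forwarded_chain(value):
    return [_host(q or t) for q, t in _FOR.findall(value)]

def xff_chain(value):
    return [_host(p) for p in value.split(",") if p.strip()]

def _trusted(addr, nets):
    try:
        return any(ipaddress.ip_address(addr) in n for n in nets)
    except ValueError:                         # "unknown" or obfuscated node
        return False

def client_ip(peer, headers, trusted_proxies):
    """Client address; forwarding headers count only when peer is a trusted proxy."""
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]
    if not _trusted(peer, nets):
        return peer                            # direct client: ignore both headers
    fwd = forwarded_chain(headers.get("Forwarded", ""))
    xff = xff_chain(headers.get("X-Forwarded-For", ""))
    if fwd and xff and fwd != xff:             # the two chains must agree hop by hop
        raise ConflictingHeaders(f"Forwarded={fwd} X-Forwarded-For={xff}")
    # Nearest hop first: return the first address that is not one of our proxies
    for hop in reversed(fwd or xff):
        if not _trusted(hop, nets):
            return hop
    return peer

# Header pair quoted in the thread; the trusted range is constructed
PAGE_HEADERS = {"Forwarded": 'for="10.10.10.10:13002"',
                "X-Forwarded-For": "10.10.10.10, 141.0.14.114"}
TRUSTED = ["192.0.2.0/24"]
```

With the header pair from the thread, a request arriving from a trusted proxy raises `ConflictingHeaders` because the Forwarded chain has one hop and the X-Forwarded-For chain has two; the same pair from an untrusted peer is ignored and the peer address is returned.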
