Trusted proxies settings are not respected

[Jean85]

I've found that, due to getsentry/sentry-php#945, trusted proxies headers are no longer fetched; well, to be fair it was neither before, but they were trusted all the time, which is a security mistake.

We need to fix this in the bundle, but I think I'll wait the release of getsentry/sentry-php#984, so we could directly inject the Symfony request instead, just before bridging it to a PSR-7 one using https://symfony.com/doc/current/components/psr7.html

[ste93cry]

This should have been fixed in #361

they were trusted all the time, which is a security mistake.

I don't think it was a security issue because we're just collecting this kind of information for data analysis 👍

[ste93cry]

I'm reopening this because I just realized that the RequestIntegration integration has no way to fetch the client IP besides reading it from the REMOTE_ADDR server param, so this issue is still not resolved yet. To be honest, I don't have a clear idea of how to make it work without either changing the main SDK or rely on a custom integration for this project because the PSR standard does not offer any method to get specifically the IP address regardless of where it is read from

[Jean85]

Wait, we need to split the stuff in two: client and host. We shouldn't confuse the two, even if both are influenced by proxy headers.

[github-actions]

This issue has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you label it Status: Backlog or Status: In Progress, I will leave it alone ... forever!

---

"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀