From 8747426d230e47a71c10e3702af7ade074cef364 Mon Sep 17 00:00:00 2001
From: Matthew Allan
Date: Mon, 17 Feb 2020 09:37:45 -0500
Subject: [PATCH] Support custom trusted header bitmasks

---
 src/TrustProxies.php | 10 +++++-----
 tests/TrustedProxyTest.php | 16 ++++++++++++++++
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/src/TrustProxies.php b/src/TrustProxies.php
index b8ded6c..71a7049 100644
--- a/src/TrustProxies.php
+++ b/src/TrustProxies.php
@@ -110,20 +110,20 @@ private function setTrustedProxyIpAddressesToTheCallingIp(Request $request)
 protected function getTrustedHeaderNames()
 {
 $headers = $this->headers ?: $this->config->get('trustedproxy.headers');
+
+ if (is_int($headers)) {
+ return $headers;
+ }
+
 switch ($headers) {
 case 'HEADER_X_FORWARDED_AWS_ELB':
- case Request::HEADER_X_FORWARDED_AWS_ELB:
 return Request::HEADER_X_FORWARDED_AWS_ELB;
 break;
 case 'HEADER_FORWARDED':
- case Request::HEADER_FORWARDED:
 return Request::HEADER_FORWARDED;
 break;
 default:
 return Request::HEADER_X_FORWARDED_ALL;
 }
-
- // Should never reach this point
- return $headers;
 }
 }
diff --git a/tests/TrustedProxyTest.php b/tests/TrustedProxyTest.php
index e526936..558e7c0 100644
--- a/tests/TrustedProxyTest.php
+++ b/tests/TrustedProxyTest.php
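Review bot: In `getTrustedHeaderNames()` the new `is_int($headers)` branch returns any integer unchecked, while a value that is neither an int nor one of the two recognised strings still falls through to `default` and becomes `Request::HEADER_X_FORWARDED_ALL`. If a restricted mask reaches this method as a numeric string (config loading is not visible in this hunk, so this needs confirming), it is silently widened to every `X-Forwarded-*` header, which matters when the proxy in front does not overwrite all of them. I would normalise before the check, e.g. `if (is_string($headers) && ctype_digit($headers)) { $headers = (int) $headers; }`, and add a comment above the early return saying that the integer is used as the trusted header set as-is. Separately, `$this->headers ?: …` treats a mask of `0` on the property as unset and falls back to the config value.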
@@ -218,6 +218,22 @@ public function test_is_reading_text_based_configurations()
 });
 }
 
+ public function test_can_use_custom_header_bitmasks()
+ {
+ $request = $this->createProxiedRequest();
+
+ // trust *all* "X-Forwarded-*" headers except X-Forwarded-Port
+ $trustedProxy = $this->createTrustedProxy(
+ Request::HEADER_X_FORWARDED_ALL ^ Request::HEADER_X_FORWARDED_PORT,
+ '192.168.1.1, 192.168.1.2');
+ $trustedProxy->handle($request, function (Request $request) {
+ $this->assertEquals(
+ $request->getTrustedHeaderSet(),
+ Request::HEADER_X_FORWARDED_ALL ^ Request::HEADER_X_FORWARDED_PORT,
+ 'Assert trusted proxy used custom "X-Forwarded-*" headers');
+ });
+ }
+
 ################################################################
 # Utility Functions
 ################################################################
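Review bot: The `assertEquals` call in `test_can_use_custom_header_bitmasks()` passes the actual value first and the expected mask second, and it compares loosely, so a failure would be reported the wrong way round and a non-integer result that is equal under `==` would still pass. `$this->assertSame(Request::HEADER_X_FORWARDED_ALL ^ Request::HEADER_X_FORWARDED_PORT, $request->getTrustedHeaderSet(), …)` pins both value and type. The assertion also runs only if `handle()` invokes the closure, so setting a flag inside the closure and asserting it after the call would keep the test from passing vacuously. A companion case for a mask supplied as a numeric string would document what the middleware does with non-integer input.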