If you upgrade an existing Symfony application to the new 3.3.0 version, you may see this error (depending on your application configuration):
The "framework.trusted_proxies" configuration key has been removed in Symfony 3.3.
Remove the framework.trusted_proxies
option from your config file and call
the Request::setTrustedProxies()
method in your front controller.
For example, if your original config was the following:
# app/config/config.yml
framework:
# ...
trusted_proxies: [192.0.0.1, 10.0.0.0/8]
Remove the trusted_proxies
option entirely and add the following in the
app.php
file:
# web/app.php
// BEFORE
// ...
$kernel = new AppKernel('prod', false);
Request::setTrustedHeaderName(Request::HEADER_FORWARDED, null);
$request = Request::createFromGlobals();
// ...
// AFTER
// ...
$kernel = new AppKernel('prod', false);
Request::setTrustedProxies(['192.0.0.1', '10.0.0.0/8'], Request::HEADER_X_FORWARDED_ALL);
$request = Request::createFromGlobals();
// ...
You can do this change right now because it also works in Symfony versions prior to 3.3. That way you'll be ready to upgrade your application and you won't see the error mentioned above when upgrading.
Symfony project follows a backward compatibility policy that lets you upgrade across minor versions (e.g. from 2.7 to 2.8 or from 3.2 to 3.3) without breaking your applications.
The only exception to this policy is when breaking backward compatibility is the only way to fix a security issue. That's what happened in this case. A member of the Heroku team reported this problem to us and the only choice we had was to introduce this BC break.
Luckily the break is easy to fix and you can do it right now to make your applications forward compatible with Symfony 3.3.
What a Symfony developer should know about the framework: News, Jobs, Tweets, Events, Videos,...