Nicolas Grekas
Contributed by Nicolas Grekas in #37351 and #37357

The front controller is a design pattern which makes all requests to be served through a certain piece of code. In Symfony applications that's the purpose of the public/index.php file.

When configuring certain features of the front controller, such as trusted proxies in load balancers or HTTP cache in reverse proxies, you need to edit the code of the public/index.php file. In Symfony 5.2 we've introduced a new feature to configure the front controller behavior using configuration options.

Using YAML, XML or PHP, you can now define the trusted_proxies, trusted_headers and http_cache options to change your front controller behavior:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
# config/packages/framework.yaml
framework:
    # use the HTTP Cache defaults
    http_cache: true

    # configure every HTTP Cache option
    http_cache:
        private_headers: ['Authorization', 'Cookie', 'MyCustomHeader']
        default_ttl: 3600
        allow_revalidate: true
        stale_if_error: 600

    # configure proxies to trust directly in the config file:
    trusted_proxies: '127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16'
    # or use an env var if this value is dynamic
    trusted_proxies: '%env(TRUSTED_PROXIES)%'

    # you can also define the trusted headers
    trusted_headers: ['x-forwarded-all', '!x-forwarded-host', '!x-forwarded-prefix']

According to our own benchmarks, configuring these options instead of modifying the index.php file can make the application up to 20% slower. However, when using PHP preloading (available since PHP 7.4) the difference disappears and both alternatives run equally fast.

Published in #Living on the edge