Fixed #15374: load TrustProxies middleware in Kernel.php

[setpill]

Description

Loads the (already implemented) TrustProxies middleware.

Fixes a whole sleuth of issues pertaining to reverse proxies. People complaining about it have been pointed towards correctly configuring their trusted proxies; however it turns out even if they did, Snipe-IT failed to load the middleware responsible for taking them into account.

No additional dependencies required.

Before:

After:

Fixes #15374

Might also fix (non-exhaustive list):

• Docker Compose SSL Config #15346
• [Feature Request]: Header X-Forwarded-For #15332
• Pre-Flight page does not support https #14699
• Can't use snipe-it with nginx reverse proxy & https #13653
• Not redirected to APP_URL but to non-HTTPS internal IP. #11898
• Pre-Flight: Uh oh! Snipe-IT thinks your URL is https:// #10779
• Snipe-IT behind reverse proxy loads resources using HTTP instead of HTTPS #9179

Type of change

Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

Relevant details: run the snipe/snipe-it Docker image on a machine, exposing port 80 of the container as port 8080 of the host (127.0.0.1 only if you prefer). Slap a reverse proxy in front of it. Make sure you set all the relevant headers for proxy stuff. If you're using nginx; that would be:

		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Host $host;
		proxy_set_header X-Forwarded-Proto $scheme;

On the Snipe-IT config side, make sure you set APP_URL to whatever you'd use to reach your reverse proxy. And set APP_TRUSTED_PROXIES=172.17.0.1. This is the IP address of the docker host from the perspective of the docker container, on linux. On other platforms, set it to whatever is appropriate. If you're not sure, 0.0.0.0/0 or * should probably work, but I haven't tested it because I do not use such platforms.

• Test A

Open the correct app url that connects you to the reverse proxy (that proxies your request to the snipe-it container). See a big red error, because snipe-it thinks its hostname is localhost:8080 even though you told it to expect something else.

• Test B

Apply the patch, change nothing else. Live in a sea of blissful green checkmarks.

Test Configuration:

• PHP version: whatever is in snipe/snipe-it
• MySQL version: not relevant
• Webserver version: whatever is in snipe/snipe-it
• OS version: Ubuntu 22.04

Checklist:

• I have read the Contributing documentation available here: https://snipe-it.readme.io/docs/contributing-overview
• I have formatted this PR according to the project guidelines: https://snipe-it.readme.io/docs/contributing-overview#pull-request-guidelines
• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[welcome]

💖 Thanks for this pull request! 💖

We use semantic commit messages to streamline the release process and easily generate changelogs between versions. Before your pull request can be merged, you should update your pull request title to start with a semantic prefix if it doesn't have one already.

Examples of commit messages with semantic prefixes:

• Fixed #<issue number>: don't overwrite prevent_default if default wasn't prevented
• Added #<issue number>: add checkout functionality to assets
• Improved Asset Checkout: use new notification method for checkout

Things that will help get your PR across the finish line:

• Document any user-facing changes you've made.
• Include tests when adding/changing behavior.
• Include screenshots and animated GIFs whenever possible.

We get a lot of pull requests on this repo, so please be patient and we will get back to you as soon as we can.

[what-the-diff]

PR Summary

• Addition of TrustProxies Middleware
  This update introduces a new component known as TrustProxies to our system. In simpler terms, TrustProxies works like a security guard who verifies the identity of incoming traffic, ensuring that our online platform remains safe. It has been incorporated into the heart of our system (Kernel.php), enhancing our current security capabilities.

[welcome]

Congrats on merging your first pull request! 🎉🎉🎉

[snipe]

Thanks!