chore: enforce suggested improvements

levivannoort · levivannoort · commit 0d40cd0ce31d · 2025-12-11T19:03:08.000+01:00
diff --git a/src/Request.php b/src/Request.php
@@ -58,7 +58,7 @@ class Request
      *
      * @var array
      */
-    protected array $trustedIpHeaders = ['x-forwarded-for'];
+    protected array $trustedIpHeaders = [];
 
     /**
      * Get Param
@@ -164,6 +164,24 @@ public function setServer(string $key, string $value): static
         return $this;
     }
 
+    /**
+     * Set trusted ip headers
+     * 
+     * WARNING: Only set these headers if your application is behind a trusted proxy.
+     * Trusting these headers when accepting direct client connections is a security risk.
+     *
+     * @param array $headers List of header names to trust (e.g., ['x-forwarded-for', 'x-real-ip'])
+     * @return static
+     */
+    public function setTrustedIpHeaders(array $headers): static
+    {
+        $this->trustedIpHeaders = array_filter(
+            array_map('trim',
+            array_map('strtolower', $headers))
+        );
+        return $this;
+    }
+
     /**
      * Get IP
      *
@@ -175,7 +193,7 @@ public function setServer(string $key, string $value): static
      */
     public function getIP(): string
     {
-        $remoteAddr = $this->getServer('remote_addr') ?? '0.0.0.0';
+        $remoteAddr = $this->getServer('REMOTE_ADDR') ?? '0.0.0.0';
 
         foreach ($this->trustedIpHeaders as $header) {
             $headerValue = $this->getHeader($header);
