From 22f8c13b7d5cf778aa43b84655e75f4b786cbfe0 Mon Sep 17 00:00:00 2001
From: Patrick Derks <patrick.derks@proton.me>
Date: Mon, 6 Oct 2025 09:00:04 +0200
Subject: [PATCH] feat: add trusted headers

We can cleanup a file in the k8s-meta package after this release
---
 api/v1/store_env.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/api/v1/store_env.go b/api/v1/store_env.go
index a4959c68..ac6353ac 100644
--- a/api/v1/store_env.go
+++ b/api/v1/store_env.go
@@ -384,7 +384,7 @@ func (s *Store) GetEnv() []corev1.EnvVar {
 				},
 			},
 		},
-		// When using https we need this for header trusting
+		// deprecated since 6.7
 		{
 			Name:  "TRUSTED_PROXIES",
 			Value: "REMOTE_ADDR",
@@ -394,6 +394,10 @@ func (s *Store) GetEnv() []corev1.EnvVar {
 			Name:  "SYMFONY_TRUSTED_PROXIES",
 			Value: "REMOTE_ADDR",
 		},
+		{
+			Name:  "SYMFONY_TRUSTED_HEADERS",
+			Value: "['x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port']",
+		},
 		// Some Shopware best practises
 		{
 			Name:  "SHOPWARE_DBAL_TIMEZONE_SUPPORT_ENABLED",