protected function validateRequest(Request $request) {
// is the Request safe?
if (!$request
->isMethodSafe()) {
throw new AccessDeniedHttpException();
}
// does the Request come from a trusted IP?
$trustedIps = array_merge($this
->getLocalIpAddresses(), $request
->getTrustedProxies());
$remoteAddress = $request->server
->get('REMOTE_ADDR');
if (IpUtils::checkIp($remoteAddress, $trustedIps)) {
return;
}
// is the Request signed?
// we cannot use $request->getUri() here as we want to work with the original URI (no query string reordering)
if ($this->signer
->check($request
->getSchemeAndHttpHost() . $request
->getBaseUrl() . $request
->getPathInfo() . (null !== ($qs = $request->server
->get('QUERY_STRING')) ? '?' . $qs : ''))) {
return;
}
throw new AccessDeniedHttpException();
}