When upgrading from Laravel 8 to Laravel 9, the constant Illuminate\Http\Request::HEADER_X_FORWARDED_ALL was removed because it was never officially defined in Laravel.
This was a common workaround in earlier versions, but it’s not supported in Laravel 9+.
✅ What to do instead
In App\Http\Middleware\TrustProxies, update this line:
❌ Wrong (causes error in Laravel 9):
protected $headers = Request::HEADER_X_FORWARDED_ALL;
✅ Correct (Laravel 9+):
If you’re using all standard forwarded headers:
protected $headers =
Request::HEADER_X_FORWARDED_FOR |
Request::HEADER_X_FORWARDED_HOST |
Request::HEADER_X_FORWARDED_PORT |
Request::HEADER_X_FORWARDED_PROTO;
Or to trust all forwarded headers (if you’re behind a trusted proxy):
protected $headers = Request::HEADER_X_FORWARDED_AWS_ELB;
HEADER_X_FORWARDED_AWS_ELBis a Laravel-defined constant that covers most AWS/ELB setups.
🔒 Also ensure you set the correct proxies:
protected $proxies = '*'; // or ['127.0.0.1', '::1'] or specific IPs
✅ Example of fixed TrustProxies class (Laravel 9):
namespace App\Http\Middleware;
use Illuminate\Http\Request;
use Fideloper\Proxy\TrustProxies as Middleware;
class TrustProxies extends Middleware
{
protected $proxies = '*';
protected $headers =
Request::HEADER_X_FORWARDED_FOR |
Request::HEADER_X_FORWARDED_HOST |
Request::HEADER_X_FORWARDED_PORT |
Request::HEADER_X_FORWARDED_PROTO;
}
🔄 Summary
| Issue | Fix |
|---|---|
HEADER_X_FORWARDED_ALL | Use bitwise combination of valid headers |
| Laravel 9+ IP detection | Update TrustProxies accordingly |
Let me know if you want help choosing the right $proxies value for a specific server like Nginx, Cloudflare, or AWS.
Leave a Reply