From 1d4f4b92de5e74582f0168a8d6d29d9b8c4715fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20Rodr=C3=ADguez=20Guimer=C3=A1ns?= Date: Sun, 5 Mar 2023 17:17:48 +0100 Subject: [PATCH 1/3] Include path in the expected URL during Pre-Flight So that the message displayed to the user when the URL Pre-Flight check fails is: > Snipe-IT thinks your URL is SCHEME://DOMAIN, but your real URL is SCHEME://DOMAIN/setup instead of: > Snipe-IT thinks your URL is SCHEME://DOMAIN/setup, but your real URL is SCHEME://DOMAIN/setup Having a missing "/setup" in the expected URL might confuse the user into thinking that it is an additional configuration problem they need to fix. With this change, the comparison between the expected and actual URL will not contain any accidental difference anymore. Only those that the user really needs to be aware of and fix in their setup. --- app/Http/Controllers/SettingsController.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php index 5498187561..407788a61b 100755 --- a/app/Http/Controllers/SettingsController.php +++ b/app/Http/Controllers/SettingsController.php @@ -74,9 +74,8 @@ class SettingsController extends Controller } $pageURL = $protocol.$host.$_SERVER['REQUEST_URI']; - $start_settings['url_valid'] = (url('/').'/setup' === $pageURL); - - $start_settings['url_config'] = url('/'); + $start_settings['url_config'] = url('/').'/setup'; + $start_settings['url_valid'] = ($start_settings['url_config'] === $pageURL); $start_settings['real_url'] = $pageURL; $start_settings['php_version_min'] = true; From 548ae7ad22a5c1db703edfd9dcce9bce87e3fd2e Mon Sep 17 00:00:00 2001 
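Review bot: The strict comparison on the new `url_valid` line still fails for requests such as `/setup/` or `/setup?x=1`, because `$pageURL` in the context line above it is built from the raw `$_SERVER['REQUEST_URI']`, which carries the query string and any trailing slash. Since this patch aims to leave only real configuration differences in the message, consider normalising the path before comparing, e.g. `$pageURL = $protocol.$host.rtrim((string) parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH), '/');`. `url('/').'/setup'` could also be written `url('/setup')`, which is presumably equivalent. `real_url` is derived from the request, so the view that prints it should escape it; that view and the rest of the enclosing method are outside this hunk.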
From: =?UTF-8?q?Manuel=20Rodr=C3=ADguez=20Guimer=C3=A1ns?= Date: Mon, 27 Feb 2023 21:32:47 +0100 Subject: [PATCH 2/3] Add Reverse Proxy support to Pre-Flight URL check Before this change, the Pre-Flight URL check would inevitably fail whenever Snipe-IT was running behind a reverse proxy or load balancer. The URL check tries to ensure that the configured application URL matches the URL that is actually used to reach the application. However, when running behind an HTTP intermediary (like a reverse proxy or a load balancer) the HTTP connection that Snipe-IT receives is not the _real_ connection from the user anymore, but a connection from the HTTP intermediary. The scheme, host and port that Snipe-IT would obtain from that incoming intermediary connection wouldn't match what is configured as application URL and, therefore, the URL check would fail. This commit solves the situation by making Snipe-IT's Pre-Flight URL check aware of the `X-Forwarded-Proto` and `X-Forwarded-Host` HTTP headers. These headers represent the _de-facto_ standard used by reverse proxies and other HTTP intermediary components to convey information about the incoming HTTP connection to the upstream application. Being the upstream application, Snipe-IT can then make use of this information to correctly evaluate the validity of the configured application URL. --- app/Http/Controllers/SettingsController.php | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php index 5498187561..a8212d1357 100755 --- a/app/Http/Controllers/SettingsController.php +++ b/app/Http/Controllers/SettingsController.php 
@@ -65,12 +65,22 @@ class SettingsController extends Controller $start_settings['db_error'] = $e->getMessage(); } - $protocol = array_key_exists('HTTPS', $_SERVER) && ('on' == $_SERVER['HTTPS']) ? 'https://' : 'http://'; + if (array_key_exists("HTTP_X_FORWARDED_PROTO", $_SERVER)) { + $protocol = $_SERVER["HTTP_X_FORWARDED_PROTO"] . "://"; + } elseif (array_key_exists('HTTPS', $_SERVER) && ('on' == $_SERVER['HTTPS'])) { + $protocol = "https://"; + } else { + $protocol = "http://"; + } - $host = array_key_exists('SERVER_NAME', $_SERVER) ? $_SERVER['SERVER_NAME'] : null; - $port = array_key_exists('SERVER_PORT', $_SERVER) ? $_SERVER['SERVER_PORT'] : null; - if (('http://' === $protocol && '80' != $port) || ('https://' === $protocol && '443' != $port)) { - $host .= ':'.$port; + if (array_key_exists("HTTP_X_FORWARDED_HOST", $_SERVER)) { + $host = $_SERVER["HTTP_X_FORWARDED_HOST"]; + } else { + $host = array_key_exists('SERVER_NAME', $_SERVER) ? $_SERVER['SERVER_NAME'] : null; + $port = array_key_exists('SERVER_PORT', $_SERVER) ? $_SERVER['SERVER_PORT'] : null; + if (('http://' === $protocol && '80' != $port) || ('https://' === $protocol && '443' != $port)) { + $host .= ':'.$port; + } } $pageURL = $protocol.$host.$_SERVER['REQUEST_URI']; From e5deb4b41386388e715005f0e7b5940c7bbbe98a Mon Sep 17 00:00:00 2001 From: Godfrey M Date: Mon, 6 Mar 2023 09:41:14 -0800 Subject: [PATCH 3/3] doesn't allow months to be zero --- app/Models/Depreciation.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Models/Depreciation.php b/app/Models/Depreciation.php index 39fb935494..9faa1b86e2 100755 --- a/app/Models/Depreciation.php +++ b/app/Models/Depreciation.php @@ -16,7 +16,7 @@ class Depreciation extends SnipeModel // Declare the rules for the form validation protected $rules = [ 'name' => 'required|min:3|max:255|unique:depreciations,name', - 'months' => 'required|max:3600|integer', + 'months' => 'required|max:3600|integer|gt:0', ]; /**
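Review bot: In the [PATCH 2/3] hunk, `HTTP_X_FORWARDED_PROTO` and `HTTP_X_FORWARDED_HOST` are read straight from `$_SERVER` and trusted on every request. On a deployment without a proxy, or behind one that does not overwrite these headers, any client can therefore set the scheme and host that end up in `$pageURL`/`real_url` and decide the outcome of the URL check. The values are also used unvalidated: the scheme is not limited to `http`/`https`, and a comma-separated list from chained proxies is taken whole. I would derive both from the framework request, which honours forwarded headers only from configured trusted proxies, e.g. `$pageURL = request()->getSchemeAndHttpHost().$_SERVER['REQUEST_URI'];`. This assumes the trusted-proxy middleware runs on the setup route, which is not visible here; the enclosing method also begins and ends outside the hunk.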