Force UrlGenerator's Root URL to be the base of APP_URL unless overriden

(For v5)
This commit is contained in:
Brady Wetherington 2022-01-18 15:31:30 -08:00
parent f9647614ab
commit 0c4768fd2a
2 changed files with 9 additions and 0 deletions

View file

@ -145,6 +145,7 @@ APP_LOG_MAX_FILES=10
APP_LOCKED=false
APP_CIPHER=AES-256-CBC
APP_FORCE_TLS=false
APP_ALLOW_INSECURE_HOSTS=false
GOOGLE_MAPS_API=
LDAP_MEM_LIM=500M
LDAP_TIME_LIM=600

View file

@ -43,6 +43,14 @@ class AppServiceProvider extends ServiceProvider
\Log::warning("'APP_FORCE_TLS' is set to true, but 'APP_URL' does not start with 'https://'. Will not force TLS on connections.");
}
}
// TODO - isn't it somehow 'gauche' to check the environment directly; shouldn't we be using config() somehow?
if ( ! env('APP_ALLOW_INSECURE_HOSTS')) { // unless you set APP_ALLOW_INSECURE_HOSTS, you should PROHIBIT forging domain parts of URL via Host: headers
$url_parts = parse_url(config('app.url'));
$root_url = $url_parts['scheme'].'://'.$url_parts['host'].( isset($url_parts['port']) ? ':'.$url_parts['port'] : '');
\URL::forceRootUrl($root_url);
}
Schema::defaultStringLength(191);
Asset::observe(AssetObserver::class);
Accessory::observe(AccessoryObserver::class);