mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-24 21:24:13 -08:00
Force UrlGenerator's Root URL to be the base of APP_URL unless overriden
(For v5)
This commit is contained in:
parent
f9647614ab
commit
0c4768fd2a
|
@ -145,6 +145,7 @@ APP_LOG_MAX_FILES=10
|
|||
APP_LOCKED=false
|
||||
APP_CIPHER=AES-256-CBC
|
||||
APP_FORCE_TLS=false
|
||||
APP_ALLOW_INSECURE_HOSTS=false
|
||||
GOOGLE_MAPS_API=
|
||||
LDAP_MEM_LIM=500M
|
||||
LDAP_TIME_LIM=600
|
||||
|
|
|
@ -43,6 +43,14 @@ class AppServiceProvider extends ServiceProvider
|
|||
\Log::warning("'APP_FORCE_TLS' is set to true, but 'APP_URL' does not start with 'https://'. Will not force TLS on connections.");
|
||||
}
|
||||
}
|
||||
|
||||
// TODO - isn't it somehow 'gauche' to check the environment directly; shouldn't we be using config() somehow?
|
||||
if ( ! env('APP_ALLOW_INSECURE_HOSTS')) { // unless you set APP_ALLOW_INSECURE_HOSTS, you should PROHIBIT forging domain parts of URL via Host: headers
|
||||
$url_parts = parse_url(config('app.url'));
|
||||
$root_url = $url_parts['scheme'].'://'.$url_parts['host'].( isset($url_parts['port']) ? ':'.$url_parts['port'] : '');
|
||||
\URL::forceRootUrl($root_url);
|
||||
}
|
||||
|
||||
Schema::defaultStringLength(191);
|
||||
Asset::observe(AssetObserver::class);
|
||||
Accessory::observe(AccessoryObserver::class);
|
||||
|
|
Loading…
Reference in a new issue