DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-12-26 06:04:08 -08:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity

Merge pull request #10623 from uberbrady/fix_secure_hosts_in_subdirectory

Browse source 
Fixes #10577 - Fix "secure hostnames" feature for subdirectory-based Snipe-IT installs
This commit is contained in:
snipe 2022-02-07 11:33:33 -08:00 committed by GitHub
parent f4069e00cd f1d4087317
commit 1a31231569
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
app/Providers/AppServiceProvider.php
View file

@ -47,9 +47,8 @@ class AppServiceProvider extends ServiceProvider
// TODO - isn't it somehow 'gauche' to check the environment directly; shouldn't we be using config() somehow?
if ( ! env('APP_ALLOW_INSECURE_HOSTS')) { // unless you set APP_ALLOW_INSECURE_HOSTS, you should PROHIBIT forging domain parts of URL via Host: headers
$url_parts = parse_url(config('app.url'));
if ($url_parts && array_key_exists('scheme', $url_parts) && array_key_exists('host', $url_parts)) {
$root_url = $url_parts['scheme'].'://'.$url_parts['host'].(isset($url_parts['port']) ? ':'.$url_parts['port'] : '');
\URL::forceRootUrl($root_url);
if ($url_parts && array_key_exists('scheme', $url_parts) && array_key_exists('host', $url_parts)) { // check for the *required* parts of a bare-minimum URL
\URL::forceRootUrl(config('app.url'));
} else {
\Log::error("Your APP_URL in your .env is misconfigured - it is: ".config('app.url').". Many things will work strangely unless you fix it.");
}