DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-11-09 23:24:06 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/develop'

Browse source
This commit is contained in:
snipe 2024-06-19 10:23:18 +01:00
parent 6e40b58dc5 d8eccf03f1
commit 20d5587851
1 changed files with 14 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
app/Providers/AppServiceProvider.php
View file

@ -21,6 +21,7 @@ use Illuminate\Routing\UrlGenerator;
use Illuminate\Support\Facades\Schema;
use Illuminate\Support\ServiceProvider;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\URL;
/**
* This service provider handles setting the observers on models
@ -31,7 +32,7 @@ use Illuminate\Support\Facades\Log;
class AppServiceProvider extends ServiceProvider
{
/**
* Custom email array validation
* Bootstrap application services.
*
* @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v3.0]
@ -39,19 +40,24 @@ class AppServiceProvider extends ServiceProvider
*/
public function boot(UrlGenerator $url)
{
if (env('APP_FORCE_TLS')) {
if (strpos(env('APP_URL'), 'https') === 0) {
/**
* This is a workaround for proxies/reverse proxies that don't always pass the proper headers.
*
* Here, we check if the APP_URL starts with https://, which we should always honor,
* regardless of how well the proxy or network is configured.
*
* We'll force the https scheme if the APP_URL starts with https://, or if APP_FORCE_TLS is set to true.
*
*/
if ((strpos(env('APP_URL'), 'https://') === 0) || (env('APP_FORCE_TLS'))) {
$url->forceScheme('https');
} else {
Log::debug("'APP_FORCE_TLS' is set to true, but 'APP_URL' does not start with 'https://'. Will not force TLS on connections.");
}
}
// TODO - isn't it somehow 'gauche' to check the environment directly; shouldn't we be using config() somehow?
if ( ! env('APP_ALLOW_INSECURE_HOSTS')) { // unless you set APP_ALLOW_INSECURE_HOSTS, you should PROHIBIT forging domain parts of URL via Host: headers
$url_parts = parse_url(config('app.url'));
if ($url_parts && array_key_exists('scheme', $url_parts) && array_key_exists('host', $url_parts)) { // check for the *required* parts of a bare-minimum URL
\URL::forceRootUrl(config('app.url'));
URL::forceRootUrl(config('app.url'));
} else {
Log::error("Your APP_URL in your .env is misconfigured - it is: ".config('app.url').". Many things will work strangely unless you fix it.");
}