Possible fix proxy/reverse proxy

Signed-off-by: snipe <snipe@snipe.net>
snipe 2024-06-18 14:44:35 +01:00
parent 9380c9ec81
commit d9f70c16f7


@ -21,6 +21,7 @@ use Illuminate\Routing\UrlGenerator;
use Illuminate\Support\Facades\Schema; use Illuminate\Support\Facades\Schema;
use Illuminate\Support\ServiceProvider; use Illuminate\Support\ServiceProvider;
use Illuminate\Support\Facades\Log; use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\URL;
/** /**
* This service provider handles setting the observers on models * This service provider handles setting the observers on models
@ -31,7 +32,7 @@ use Illuminate\Support\Facades\Log;
class AppServiceProvider extends ServiceProvider class AppServiceProvider extends ServiceProvider
{ {
/** /**
* Custom email array validation * Bootstrap application services.
* *
* @author [A. Gianotto] [<snipe@snipe.net>] * @author [A. Gianotto] [<snipe@snipe.net>]
* @since [v3.0] * @since [v3.0]
@ -39,19 +40,24 @@ class AppServiceProvider extends ServiceProvider
*/ */
public function boot(UrlGenerator $url) public function boot(UrlGenerator $url)
{ {
if (env('APP_FORCE_TLS')) { /**
if (strpos(env('APP_URL'), 'https') === 0) { * This is a workaround for proxies/reverse proxies that don't always pass the proper headers.
$url->forceScheme('https'); *
} else { * Here, we check if the APP_URL starts with https://, which we should always honor,
Log::debug("'APP_FORCE_TLS' is set to true, but 'APP_URL' does not start with 'https://'. Will not force TLS on connections."); * regardless of how well the proxy or network is configured.
} *
* We'll force the https scheme if the APP_URL starts with https://, or if APP_FORCE_TLS is set to true.
*
*/
if ((strpos(env('APP_URL'), 'https://') === 0) || (env('APP_FORCE_TLS'))) {
$url->forceScheme('https');
} }
// TODO - isn't it somehow 'gauche' to check the environment directly; shouldn't we be using config() somehow? // TODO - isn't it somehow 'gauche' to check the environment directly; shouldn't we be using config() somehow?
if ( ! env('APP_ALLOW_INSECURE_HOSTS')) { // unless you set APP_ALLOW_INSECURE_HOSTS, you should PROHIBIT forging domain parts of URL via Host: headers if ( ! env('APP_ALLOW_INSECURE_HOSTS')) { // unless you set APP_ALLOW_INSECURE_HOSTS, you should PROHIBIT forging domain parts of URL via Host: headers
$url_parts = parse_url(config('app.url')); $url_parts = parse_url(config('app.url'));
if ($url_parts && array_key_exists('scheme', $url_parts) && array_key_exists('host', $url_parts)) { // check for the *required* parts of a bare-minimum URL if ($url_parts && array_key_exists('scheme', $url_parts) && array_key_exists('host', $url_parts)) { // check for the *required* parts of a bare-minimum URL
\URL::forceRootUrl(config('app.url')); URL::forceRootUrl(config('app.url'));
} else { } else {
Log::error("Your APP_URL in your .env is misconfigured - it is: ".config('app.url').". Many things will work strangely unless you fix it."); Log::error("Your APP_URL in your .env is misconfigured - it is: ".config('app.url').". Many things will work strangely unless you fix it.");
} }
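Review bot: The new condition `strpos(env('APP_URL'), 'https://') === 0` reads the environment directly, while the host check a few lines below it reads `config('app.url')`. With a cached Laravel configuration `env()` typically returns null outside the config files, so both halves of the condition would be falsy and the https scheme would silently not be forced; passing null to `strpos()` is also deprecated as of PHP 8.1. Reading the same source as the rest of the method avoids the null case for the URL half: `if ((strpos((string) config('app.url'), 'https://') === 0) || env('APP_FORCE_TLS')) {`. Because the earlier `Log::debug` branch is removed, a one-line log when `APP_FORCE_TLS` is set but the configured URL is not https would keep that mismatch visible to operators. `boot()` continues past the end of this hunk, so the rest of the method is not reviewed here.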