mirror of
https://github.com/snipe/snipe-it.git
synced 2025-01-11 13:57:41 -08:00
Possible fix proxy/reverse proxy
Signed-off-by: snipe <snipe@snipe.net>
This commit is contained in:
parent
9380c9ec81
commit
d9f70c16f7
|
@ -21,6 +21,7 @@ use Illuminate\Routing\UrlGenerator;
|
|||
use Illuminate\Support\Facades\Schema;
|
||||
use Illuminate\Support\ServiceProvider;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
use Illuminate\Support\Facades\URL;
|
||||
|
||||
/**
|
||||
* This service provider handles setting the observers on models
|
||||
|
@ -31,7 +32,7 @@ use Illuminate\Support\Facades\Log;
|
|||
class AppServiceProvider extends ServiceProvider
|
||||
{
|
||||
/**
|
||||
* Custom email array validation
|
||||
* Bootstrap application services.
|
||||
*
|
||||
* @author [A. Gianotto] [<snipe@snipe.net>]
|
||||
* @since [v3.0]
|
||||
|
@ -39,19 +40,24 @@ class AppServiceProvider extends ServiceProvider
|
|||
*/
|
||||
public function boot(UrlGenerator $url)
|
||||
{
|
||||
if (env('APP_FORCE_TLS')) {
|
||||
if (strpos(env('APP_URL'), 'https') === 0) {
|
||||
/**
|
||||
* This is a workaround for proxies/reverse proxies that don't always pass the proper headers.
|
||||
*
|
||||
* Here, we check if the APP_URL starts with https://, which we should always honor,
|
||||
* regardless of how well the proxy or network is configured.
|
||||
*
|
||||
* We'll force the https scheme if the APP_URL starts with https://, or if APP_FORCE_TLS is set to true.
|
||||
*
|
||||
*/
|
||||
if ((strpos(env('APP_URL'), 'https://') === 0) || (env('APP_FORCE_TLS'))) {
|
||||
$url->forceScheme('https');
|
||||
} else {
|
||||
Log::debug("'APP_FORCE_TLS' is set to true, but 'APP_URL' does not start with 'https://'. Will not force TLS on connections.");
|
||||
}
|
||||
}
|
||||
|
||||
// TODO - isn't it somehow 'gauche' to check the environment directly; shouldn't we be using config() somehow?
|
||||
if ( ! env('APP_ALLOW_INSECURE_HOSTS')) { // unless you set APP_ALLOW_INSECURE_HOSTS, you should PROHIBIT forging domain parts of URL via Host: headers
|
||||
$url_parts = parse_url(config('app.url'));
|
||||
if ($url_parts && array_key_exists('scheme', $url_parts) && array_key_exists('host', $url_parts)) { // check for the *required* parts of a bare-minimum URL
|
||||
\URL::forceRootUrl(config('app.url'));
|
||||
URL::forceRootUrl(config('app.url'));
|
||||
} else {
|
||||
Log::error("Your APP_URL in your .env is misconfigured - it is: ".config('app.url').". Many things will work strangely unless you fix it.");
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue