snipe-it/app/Http/Controllers
Manuel Rodríguez Guimeráns 548ae7ad22 Add Reverse Proxy support to Pre-Flight URL check
Before this change, the Pre-Flight URL check would inevitably fail
whenever Snipe-IT was running behind a reverse proxy or load balancer.

The URL check tries to ensure that the configured application URL
matches the URL that is actually used to reach the application. However,
when running behind an HTTP intermediary (like a reverse proxy or a load
balancer) the HTTP connection that Snipe-IT receives is not the _real_
connection from the user anymore, but a connection from the HTTP
intermediary. The scheme, host and port that Snipe-IT would obtain from
that incoming intermediary connection wouldn't match what is configured
as application URL and, therefore, the URL check would fail.

This commit solves the situation by making Snipe-IT's Pre-Flight URL
check aware of the `X-Forwarded-Proto` and `X-Forwarded-Host` HTTP
headers. These headers represent the _de-facto_ standard used by reverse
proxies and other HTTP intermediary components to convey information
about the incoming HTTP connection to the upstream application. Being
the upstream application, Snipe-IT can then make use of this information
to correctly evaluate the validity of the configured application URL.
2023-03-05 18:15:16 +01:00
..
Accessories Hoist the authorization higher in the stack so we’re not doing logic or math when the user isn’t authorized to touch this 2023-01-23 21:49:17 -08:00
Account Store the acceptance dates with format YYY-mm-dd 2023-01-30 15:11:41 -06:00
Api Merge pull request #12578 from inietov/fixes/undefined_variable_total 2023-02-28 20:50:00 -08:00
Assets Merge branch 'develop' into features/make_eol_sortable 2023-02-28 18:05:09 -08:00
Auth Merge pull request #12188 from snipe/fixes/decrease_logging_for_saml_when_not_enabled 2022-12-15 11:26:49 -08:00
Components Disallow uploads if app is locked 2022-11-03 13:52:23 -07:00
Consumables Disallow uploads if app is locked 2022-11-03 13:52:23 -07:00
Kits Merge remote-tracking branch 'origin/master' into develop 2022-05-12 09:31:42 -07:00
Licenses Use correct LicenseSeat property 2023-03-02 19:33:32 -06:00
Users Merge pull request #12406 from akemidx/vip_tag 2023-02-23 12:23:29 -08:00
ActionlogController.php
AssetMaintenancesController.php removes dead code 2022-10-18 15:25:38 -07:00
AssetModelsController.php Replace 'required' rule with 'nullable' to allow blank default customfields values 2022-08-25 18:16:50 -05:00
AssetModelsFilesController.php Use new upload string 2022-11-03 13:57:50 -07:00
BulkAssetModelsController.php
CategoriesController.php
CheckInOutRequest.php
CompaniesController.php
Controller.php
CustomFieldsController.php Remove e() function from customfield format input 2023-02-12 16:27:37 -06:00
CustomFieldsetsController.php Fixed mismatched field/fieldset 2023-02-07 13:31:50 -08:00
DashboardController.php Calculate the proper amount of people in the dashboard if Full Company Support is enabled 2022-12-20 18:39:17 -06:00
DepartmentsController.php allows company and location ids to be null 2022-08-11 12:47:40 -07:00
DepreciationsController.php
GroupsController.php
HealthController.php
ImportsController.php
LocationsController.php Remove name from blanking properties 2023-03-01 14:12:33 -08:00
ManufacturersController.php
ModalController.php Fixed visibility for constants and methods 2023-02-06 12:44:02 -08:00
ProfileController.php Use the imageHandler for profile avatar changes 2023-01-21 18:05:20 -08:00
ReportsController.php The 'download activity report' displayed the wrong value for 'admin' 2023-03-01 12:23:13 -08:00
SettingsController.php Add Reverse Proxy support to Pre-Flight URL check 2023-03-05 18:15:16 +01:00
StatuslabelsController.php
SuppliersController.php
ViewAssetsController.php Added comments and spacing for readability 2022-11-16 17:48:28 +00:00