From 1adae37e098c720f1bf0904c405d039c71bb7b85 Mon Sep 17 00:00:00 2001 From: "Edward Tirado Jr." Date: Fri, 26 Dec 2025 13:30:29 -0600 Subject: [PATCH] updated to handle proxies correctly --- .env.example | 2 ++ bootstrap/app.php | 2 ++ config/app.php | 15 +++++++++++++++ 3 files changed, 19 insertions(+) diff --git a/.env.example b/.env.example index c0660ea..f119aff 100644 --- a/.env.example +++ b/.env.example @@ -33,6 +33,8 @@ SESSION_ENCRYPT=false SESSION_PATH=/ SESSION_DOMAIN=null +TRUSTED_PROXIES=127.0.0.1,::1 + BROADCAST_CONNECTION=log FILESYSTEM_DISK=local QUEUE_CONNECTION=database diff --git a/bootstrap/app.php b/bootstrap/app.php index 4cd7d29..bfcd434 100644 --- a/bootstrap/app.php +++ b/bootstrap/app.php @@ -11,6 +11,8 @@ return Application::configure(basePath: dirname(__DIR__)) health: '/up', ) ->withMiddleware(function (Middleware $middleware): void { + $proxies = config('app.trusted_proxies'); + $middleware->trustProxies(at: $proxies === '*' ? '*' : array_map('trim', explode(',', $proxies))); $middleware->web(append: [ \App\Http\Middleware\AddContentSecurityPolicy::class, ]); diff --git a/config/app.php b/config/app.php index 423eed5..0fb4257 100644 --- a/config/app.php +++ b/config/app.php @@ -123,4 +123,19 @@ return [ 'store' => env('APP_MAINTENANCE_STORE', 'database'), ], + /* + |-------------------------------------------------------------------------- + | Trusted Proxies + |-------------------------------------------------------------------------- + | + | Set the IP addresses or CIDR ranges of proxies to trust for forwarded + | headers (X-Forwarded-Proto, X-Forwarded-For, etc). Use comma-separated + | values for multiple proxies, or '*' to trust all proxies. + | + | Examples: '127.0.0.1,::1', '10.0.0.0/8', '192.168.1.1', '*' + | + */ + + 'trusted_proxies' => env('TRUSTED_PROXIES', '127.0.0.1,::1'), + ];