github/dootask
1
0
Fork 0
mirror of https://github.com/kuaifan/dootask.git synced 2026-06-16 12:22:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
dootask/app/Http/Middleware/TrustProxies.php
kuaifan 20c3fa91fb refactor(https): 协议识别下沉到 nginx,TrustProxies 只信 X-Forwarded-Proto 
- nginx 经 APP_SCHEME 环境变量(envsubst 模板)统一控制 X-Forwarded-Proto
- TrustProxies 信任内网代理但仅采信 X-Forwarded-Proto,防 Host 注入
- 移除 WebApi 中间件的硬编码强制 https
- getSchemeAndHost 优先用当前请求 scheme/host,保留非请求上下文兜底
- cmd https 切换后改用 compose up -d 重建 nginx 容器使 envsubst 生效

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-06 01:52:38 +00:00

29 lines
768 B
PHP
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?php
namespace App\Http\Middleware;
use Fideloper\Proxy\TrustProxies as Middleware;
use Illuminate\Http\Request;
class TrustProxies extends Middleware
{
/**
* The trusted proxies for this application.
*
* PHPSwoole只在内网被 nginx 访问,外部无法直连,故信任内网代理。
*
* @var array|string|null
*/
protected $proxies = '*';
/**
* The headers that should be used to detect proxies.
*
* 只采信 X-Forwarded-Protonginx 已用 $the_scheme 覆盖该头(值由 nginx 控制),
* 据此让 url() 实时跟随 httpshost/for 一律不信,避免 Host 注入与 IP 伪造。
*
* @var int
*/
protected $headers = Request::HEADER_X_FORWARDED_PROTO;
}
Reference in New Issue View Git Blame Copy Permalink