
Merge pull request #204 from dellow/2.x
[2.x] Adds origin header fallback
taylorotwell committed Oct 9, 2020
2 parents a38ffd5 + c277093 commit 632355f
Showing 2 changed files with 26 additions and 4 deletions.
10 changes: 6 additions & 4 deletions src/Http/Middleware/EnsureFrontendRequestsAreStateful.php
Expand Up @@ -55,14 +55,16 @@ protected function configureSecureCookieSessions()
*/
public static function fromFrontend($request)
{
$referer = Str::replaceFirst('https://', '', $request->headers->get('referer'));
$referer = Str::replaceFirst('http://', '', $referer);
$referer = Str::endsWith($referer, '/') ? $referer : "{$referer}/";
$domain = $request->headers->get('referer') ?: $request->headers->get('origin');

$domain = Str::replaceFirst('https://', '', $domain);
$domain = Str::replaceFirst('http://', '', $domain);
$domain = Str::endsWith($domain, '/') ? $domain : "{$domain}/";

$stateful = array_filter(config('sanctum.stateful', []));

return Str::is(Collection::make($stateful)->map(function ($uri) {
return trim($uri).'/*';
})->all(), $referer);
})->all(), $domain);
}
}
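Review bot: The docblock that closes on the first hunk line (its body is above the hunk) is not updated, so it still documents only the Referer path; it should state the new precedence, e.g. `Determine if the request comes from the first-party frontend, using the Referer header and falling back to Origin when Referer is absent or empty.` Both headers are client-supplied, so the fallback widens which header can satisfy the stateful check, but it does not loosen the match itself, since `Str::is` still applies the configured `domain/*` patterns unchanged. Note that `?:` tests truthiness, so a Referer of `'0'` also triggers the fallback; if that precision matters, replace it with an explicit `$referer !== null && $referer !== ''` check rather than `??`, which would still pass `''` through.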
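--- a/tests/EnsureFrontendRequestsAreStatefulTest.php
+++ b/tests/EnsureFrontendRequestsAreStatefulTest.php
@@ -37,6 +37,26 @@ public function test_request_referer_is_parsed_against_configuration()
 $this->assertTrue(EnsureFrontendRequestsAreStateful::fromFrontend($request));
 }
 
+public function test_request_origin_fallback()
+{
+$request = Request::create('/');
+$request->headers->set('origin', 'test.com');
+
+$this->assertTrue(EnsureFrontendRequestsAreStateful::fromFrontend($request));
+
+$request = Request::create('/');
+$request->headers->set('referer', null);
+$request->headers->set('origin', 'test.com');
+
+$this->assertTrue(EnsureFrontendRequestsAreStateful::fromFrontend($request));
+
+$request = Request::create('/');
+$request->headers->set('referer', '');
+$request->headers->set('origin', 'test.com');
+
+$this->assertTrue(EnsureFrontendRequestsAreStateful::fromFrontend($request));
+}
+
 public function test_wildcard_matching()
 {
 $request = Request::create('/');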
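Review bot: test_request_origin_fallback only covers the fallback when Referer is unset, null or empty; it does not pin the precedence that a present Referer wins over Origin, which is the part of this change most worth locking down. Add a case with both headers set to different values and assert the result follows the referer, e.g. `$request->headers->set('referer', 'other.test'); $request->headers->set('origin', 'test.com');` followed by `$this->assertFalse(EnsureFrontendRequestsAreStateful::fromFrontend($request));`, assuming `other.test` is not among the stateful domains configured outside this hunk. The Origin values here omit a scheme, whereas browsers send `https://test.com`; one case using a scheme would exercise the prefix stripping the middleware performs on this path.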
