Fixed #12772 - use the APP_URL config more consistently

[snipe]

I don't think this should harm anything here - we switched over to using config('app.url') a while back to better handle folks running Snipe-IT in a subdirectory, but I don't think we updated it everywhere.

[what-the-diff]

PR Summary

• Update url() helper and fix hardcoded urls
  The url() helper now uses the app configuration instead of hardcoded urls in various parts of the code.

• Fix image path in requested.blade.php
  The image path is now fixed and more reliable for requests made through the website.

• Use app configuration for URLs in multiple files
  Removed hardcoded URLs and now use the app's configuration for better consistency and maintainability.

• Add baseUrl meta tag
  Introduced a new baseUrl meta tag with the app's URL value for better organization and easier management.

• Pull logo image and site link from configuration
  Both logo image and site link in the footer now use the app's configuration for a more unified and easier-to-update approach.

[uberbrady]

This absolutely looks much cleaner, but I do think we're going to have some problems here.

The main one I can think of is that if someone has APP_ALLOW_INSECURE_HOSTS enabled (which plenty of self-hosted customers may use, specifically when they have different "inside hostnames" versus "outside hostnames"). I mean, I, personally, wouldn't ever do that, but I have definitely seen some of our users do that.

Maybe there's a new Helper function we should consider for this, instead?

[marcusmoore]

@uberbrady would that mean that places using config('app.url') already would cause the issue now?

[uberbrady]

@uberbrady would that mean that places using config('app.url') already would cause the issue now?

I mean, that's a pretty fair point - it's definitely possible. I just don't want to hose people that we don't have to hose on this one.

[snipe]

@marcusmoore - that's the argument I'm having with him right now at the annex :D

He's referring to this:

snipe-it/app/Providers/AppServiceProvider.php

Lines 47 to 54 in 6aec73c

	// TODO - isn't it somehow 'gauche' to check the environment directly; shouldn't we be using config() somehow?
	if ( ! env('APP_ALLOW_INSECURE_HOSTS')) { // unless you set APP_ALLOW_INSECURE_HOSTS, you should PROHIBIT forging domain parts of URL via Host: headers
	$url_parts = parse_url(config('app.url'));
	if ($url_parts && array_key_exists('scheme', $url_parts) && array_key_exists('host', $url_parts)) { // check for the *required* parts of a bare-minimum URL
	\URL::forceRootUrl(config('app.url'));
	} else {
	\Log::error("Your APP_URL in your .env is misconfigured - it is: ".config('app.url').". Many things will work strangely unless you fix it.");
	}

But we're already using the config value there - and we already use config('app.url') in a buttload of other places, so if it was going to interfere, I'd expect it to have been half-broken the whole time.

[spencerrlongg]

@marcusmoore - that's the argument I'm having with him right now at the annex :D

He's referring to this:

snipe-it/app/Providers/AppServiceProvider.php

Lines 47 to 54 in 6aec73c

	// TODO - isn't it somehow 'gauche' to check the environment directly; shouldn't we be using config() somehow?
	if ( ! env('APP_ALLOW_INSECURE_HOSTS')) { // unless you set APP_ALLOW_INSECURE_HOSTS, you should PROHIBIT forging domain parts of URL via Host: headers
	$url_parts = parse_url(config('app.url'));
	if ($url_parts && array_key_exists('scheme', $url_parts) && array_key_exists('host', $url_parts)) { // check for the *required* parts of a bare-minimum URL
	\URL::forceRootUrl(config('app.url'));
	} else {
	\Log::error("Your APP_URL in your .env is misconfigured - it is: ".config('app.url').". Many things will work strangely unless you fix it.");
	}

But we're already using the config value there - and we already use config('app.url') in a buttload of other places, so if it was going to interfere, I'd expect it to have been half-broken the whole time.

Yeah, was just looking at that and agree.

[marcusmoore]

@spencerrlongg hit submit on the comment I was typing out 😄 . I also agree.

[uberbrady]

MUTINY! YOU'RE ALL FIRRRRRRRREDDDD!!!!!!

[snipe]

AND DIVORCED!!! 🤣

I think this should be good to go then - we are agreed?

[marcusmoore]

😆 yeah. I think we're good to go.