Fixed HTTPS links on reverse proxies

The force HTTPS option in the config now turns any link into HTTPS. This also works on reverse proxy setups. The previous option in the config is now being replaced with the new option FORCE_ROUTE_HTTPS which redirects all routes and pages to HTTPS. This option should never be used behind a reverse proxy. See issue: https://github.com/JulianPrieber/littlelink-custom/issues/216
2022-11-20 14:10:49 +01:00 · 2022-11-20 14:10:49 +01:00 · 542afadd8b
parent ac77efe5a8
commit 542afadd8b
4 changed files with 11 additions and 4 deletions
--- a/.env
+++ b/.env
@ -95,3 +95,6 @@ ENABLE_SOCIAL_LOGIN=false

 #Sets if a plain PNG or iframe should be used for the theme preview image
 USE_THEME_PREVIEW_IFRAME=true
+
+#Redirects all pages to https
+FORCE_ROUTE_HTTPS=false
--- a/resources/views/layouts/lang.blade.php
+++ b/resources/views/layouts/lang.blade.php
@ -1,3 +1,4 @@
+@if(env('FORCE_HTTPS') == 'true')<?php URL::forceScheme('https');  ?>@endif
@if(env('CUSTOM_META_TAGS') == 'true' and config('advanced-config.lang') != '')
 <html lang="{{ config('advanced-config.lang') }}">
@else
@ -6,7 +7,7 @@


 {{-- Redirects to https if enabled in the advanced-config --}}
-@if(env('FORCE_HTTPS') == 'true')
+@if(env('FORCE_ROUTE_HTTPS') == 'true')
@php
 if (! isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] == 'off' ) {
    $redirect_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
--- a/routes/web.php
+++ b/routes/web.php
@ -73,7 +73,7 @@ Route::get('/theme/@{littlelink}', [UserController::class, 'theme'])->name('them
 Route::group([
    'middleware' => env('REGISTER_AUTH'),
 ], function () {
-if(env('FORCE_HTTPS') == 'true'){URL::forceScheme('https');}
+if(env('FORCE_ROUTE_HTTPS') == 'true'){URL::forceScheme('https');}
 if(isset($_COOKIE['LinkCount'])){if($_COOKIE['LinkCount'] == '20'){$LinkPage = 'showLinks20';}elseif($_COOKIE['LinkCount'] == '30'){$LinkPage = 'showLinks30';}elseif($_COOKIE['LinkCount'] == 'all'){$LinkPage = 'showLinksAll';} else {$LinkPage = 'showLinks';}} else {$LinkPage = 'showLinks';} //Shows correct link number
 Route::get('/studio/index', [UserController::class, 'index'])->name('studioIndex');
 Route::get('/studio/add-link', [UserController::class, 'AddUpdateLink'])->name('showButtons');
@ -112,7 +112,7 @@ Route::get('/social-auth/{provider}', [SocialLoginController::class, 'redirectTo
 Route::group([
    'middleware' => 'admin',
 ], function () {
-    if(env('FORCE_HTTPS') == 'true'){URL::forceScheme('https');}
+    if(env('FORCE_ROUTE_HTTPS') == 'true'){URL::forceScheme('https');}
    Route::get('/panel/index', [AdminController::class, 'index'])->name('panelIndex');
    Route::get('/panel/users/{type}', [AdminController::class, 'users'])->name('showUsers');
    Route::post('/panel/users/{name?}', [AdminController::class, 'searchUser'])->name('searchUser');
--- a/storage/backups/default_settings
+++ b/storage/backups/default_settings
@ -94,4 +94,7 @@ ENABLE_THEME_UPDATER=true
 ENABLE_SOCIAL_LOGIN=false

 #Sets if a plain PNG or iframe should be used for the theme preview image
-USE_THEME_PREVIEW_IFRAME=true
+USE_THEME_PREVIEW_IFRAME=true
+
+#Redirects all pages to https
+FORCE_ROUTE_HTTPS=false