Add option to force TLS connection (#9327)

Co-authored-by: Lars Kajes <[email protected]>
snipe · Apr 6, 2021 · 49532e1 · 49532e1
1 parent 09887bd
commit 49532e1
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/.env.example b/.env.example
@@ -144,6 +144,7 @@ APP_LOG=single
 APP_LOG_MAX_FILES=10
 APP_LOCKED=false
 APP_CIPHER=AES-256-CBC
+APP_FORCE_TLS=false
 GOOGLE_MAPS_API=
 LDAP_MEM_LIM=500M
 LDAP_TIME_LIM=600

diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
@@ -16,6 +16,7 @@
 use App\Observers\SettingObserver;
 use Illuminate\Support\Facades\Schema;
 use Illuminate\Support\ServiceProvider;
+use Illuminate\Routing\UrlGenerator;
 
 /**
  * This service provider handles setting the observers on models
@@ -33,8 +34,15 @@ class AppServiceProvider extends ServiceProvider
      * @since [v3.0]
      * @return void
      */
-    public function boot()
+    public function boot(UrlGenerator $url)
     {
+        if (env('APP_FORCE_TLS')) {
+            if (strpos(env('APP_URL'), 'https') === 0) {
+                $url->forceScheme('https');
+            } else {
+                \Log::warning("'APP_FORCE_TLS' is set to true, but 'APP_URL' does not start with 'https://'. Will not force TLS on connections.");
+            }
+        }
         Schema::defaultStringLength(191);
         Asset::observe(AssetObserver::class);
         Accessory::observe(AccessoryObserver::class);