Merge pull request #653 from LinkStackOrg/DisableCookies

Disable cookies

Author: JulianPrieber

app/Http/Kernel.php

@@ -54,6 +54,7 @@ class Kernel extends HttpKernel
      * @var array
      */
     protected $routeMiddleware = [
+        'disableCookies' => \App\Http\Middleware\DisableCookies::class,
         'auth' => \App\Http\Middleware\Authenticate::class,
         'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
         'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,

app/Http/Middleware/DisableCookies.php

@@ -0,0 +1,29 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Support\Facades\Cookie;
+use Illuminate\Http\Request;
+
+class DisableCookies
+{
+
+    public function handle(Request $request, Closure $next)
+    {
+        $cookiesAlreadySet = $request->hasCookie(strtolower(config('app.name')).'_session') || $request->hasCookie('XSRF-TOKEN');
+
+        if ($cookiesAlreadySet) {
+            return $next($request);
+        }
+
+        Cookie::queue(Cookie::forget(strtolower(config('app.name')).'_session'));
+        Cookie::queue(Cookie::forget('XSRF-TOKEN'));
+        config(['session.driver' => 'array']);
+
+        $response = $next($request);
+        $response->headers->remove('Set-Cookie');
+
+        return $response;
+    }
+}

routes/home.php

@@ -1,6 +1,8 @@
 <?php
 use App\Http\Controllers\UserController;
 
+Route::middleware('disableCookies')->group(function () {
+
 $host = request()->getHost();
 $customConfigs = config('advanced-config.custom_domains', []);
 
@@ -43,3 +45,5 @@
         Route::get('/', [App\Http\Controllers\HomeController::class, 'home'])->name('home');
     }
 }
+
+});

routes/web.php

@@ -68,21 +68,21 @@
 
 //Public route
 $custom_prefix = config('advanced-config.custom_url_prefix');
-Route::get('/going/{id?}', [UserController::class, 'clickNumber'])->where('link', '.*')->name('clickNumber');
+Route::get('/going/{id?}', [UserController::class, 'clickNumber'])->where('link', '.*')->name('clickNumber')->middleware('disableCookies');
 Route::get('/info/{id?}', [AdminController::class, 'redirectInfo'])->name('redirectInfo');
 if($custom_prefix != ""){Route::get('/' . $custom_prefix . '{littlelink}', [UserController::class, 'littlelink'])->name('littlelink');}
-Route::get('/@{littlelink}', [UserController::class, 'littlelink'])->name('littlelink');
-Route::get('/pages/'.strtolower(footer('Terms')), [AdminController::class, 'pagesTerms'])->name('pagesTerms');
-Route::get('/pages/'.strtolower(footer('Privacy')), [AdminController::class, 'pagesPrivacy'])->name('pagesPrivacy');
-Route::get('/pages/'.strtolower(footer('Contact')), [AdminController::class, 'pagesContact'])->name('pagesContact');
+Route::get('/@{littlelink}', [UserController::class, 'littlelink'])->name('littlelink')->middleware('disableCookies');
+Route::get('/pages/'.strtolower(footer('Terms')), [AdminController::class, 'pagesTerms'])->name('pagesTerms')->middleware('disableCookies');
+Route::get('/pages/'.strtolower(footer('Privacy')), [AdminController::class, 'pagesPrivacy'])->name('pagesPrivacy')->middleware('disableCookies');
+Route::get('/pages/'.strtolower(footer('Contact')), [AdminController::class, 'pagesContact'])->name('pagesContact')->middleware('disableCookies');
 Route::get('/theme/@{littlelink}', [UserController::class, 'theme'])->name('theme');
 Route::get('/vcard/{id?}', [UserController::class, 'vcard'])->name('vcard');
 Route::get('/u/{id?}', [UserController::class, 'userRedirect'])->name('userRedirect');
 
 Route::get('/report', function () {return view('report');});
 Route::post('/report', [UserController::class, 'report'])->name('report');
 
-Route::get('/demo-page', [App\Http\Controllers\HomeController::class, 'demo'])->name('demo');
+Route::get('/demo-page', [App\Http\Controllers\HomeController::class, 'demo'])->name('demo')->middleware('disableCookies');
 
 }