Fixed HTTPS links on reverse proxies

JulianPrieber · JulianPrieber · commit 542afadd8bb4 · 2022-11-20T14:10:49.000+01:00
The force HTTPS option in the config now turns any link into HTTPS. This also works on reverse proxy setups. The previous option in the config is now being replaced with the new option FORCE_ROUTE_HTTPS which redirects all routes and pages to HTTPS. This option should never be used behind a reverse proxy. See issue: #216
diff --git a/.env b/.env
@@ -95,3 +95,6 @@ ENABLE_SOCIAL_LOGIN=false
 
 #Sets if a plain PNG or iframe should be used for the theme preview image
 USE_THEME_PREVIEW_IFRAME=true
+
+#Redirects all pages to https
+FORCE_ROUTE_HTTPS=false
diff --git a/resources/views/layouts/lang.blade.php b/resources/views/layouts/lang.blade.php
@@ -1,3 +1,4 @@
+@if(env('FORCE_HTTPS') == 'true')<?php URL::forceScheme('https');  ?>@endif
 @if(env('CUSTOM_META_TAGS') == 'true' and config('advanced-config.lang') != '')
 <html lang="{{ config('advanced-config.lang') }}">
 @else
@@ -6,7 +7,7 @@
 
 
 {{-- Redirects to https if enabled in the advanced-config --}}
-@if(env('FORCE_HTTPS') == 'true')
+@if(env('FORCE_ROUTE_HTTPS') == 'true')
 @php
 if (! isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] == 'off' ) {
     $redirect_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
diff --git a/routes/web.php b/routes/web.php
@@ -73,7 +73,7 @@
 Route::group([
     'middleware' => env('REGISTER_AUTH'),
 ], function () {
-if(env('FORCE_HTTPS') == 'true'){URL::forceScheme('https');}
+if(env('FORCE_ROUTE_HTTPS') == 'true'){URL::forceScheme('https');}
 if(isset($_COOKIE['LinkCount'])){if($_COOKIE['LinkCount'] == '20'){$LinkPage = 'showLinks20';}elseif($_COOKIE['LinkCount'] == '30'){$LinkPage = 'showLinks30';}elseif($_COOKIE['LinkCount'] == 'all'){$LinkPage = 'showLinksAll';} else {$LinkPage = 'showLinks';}} else {$LinkPage = 'showLinks';} //Shows correct link number
 Route::get('/studio/index', [UserController::class, 'index'])->name('studioIndex');
 Route::get('/studio/add-link', [UserController::class, 'AddUpdateLink'])->name('showButtons');
@@ -112,7 +112,7 @@
 Route::group([
     'middleware' => 'admin',
 ], function () {
-    if(env('FORCE_HTTPS') == 'true'){URL::forceScheme('https');}
+    if(env('FORCE_ROUTE_HTTPS') == 'true'){URL::forceScheme('https');}
     Route::get('/panel/index', [AdminController::class, 'index'])->name('panelIndex');
     Route::get('/panel/users/{type}', [AdminController::class, 'users'])->name('showUsers');
     Route::post('/panel/users/{name?}', [AdminController::class, 'searchUser'])->name('searchUser');
diff --git a/storage/backups/default_settings b/storage/backups/default_settings
@@ -94,4 +94,7 @@ ENABLE_THEME_UPDATER=true
 ENABLE_SOCIAL_LOGIN=false
 
 #Sets if a plain PNG or iframe should be used for the theme preview image
-USE_THEME_PREVIEW_IFRAME=true
+USE_THEME_PREVIEW_IFRAME=true
+
+#Redirects all pages to https
+FORCE_ROUTE_HTTPS=false
