coolify/app/Http/Middleware/TrustProxies.php

<?php

namespace App\Http\Middleware;

use Illuminate\Http\Middleware\TrustProxies as Middleware;
use Illuminate\Http\Request;

class TrustProxies extends Middleware
{
    /**
     * The trusted proxies for this application.
     *
     * @var array<int, string>|string|null
     */
    protected $proxies = '*';

    /**
     * The headers that should be used to detect proxies.
     *
     * @var int
     */
    protected $headers =
        Request::HEADER_X_FORWARDED_FOR |
        Request::HEADER_X_FORWARDED_HOST |
        Request::HEADER_X_FORWARDED_PORT |
        Request::HEADER_X_FORWARDED_PROTO |
        Request::HEADER_X_FORWARDED_AWS_ELB;

    /**
     * Handle the request.
     *
     * Wraps $next so that after proxy headers are resolved (X-Forwarded-Proto processed),
     * the Secure cookie flag is auto-enabled when the request is over HTTPS.
     * This ensures session cookies are correctly marked Secure when behind an HTTPS
     * reverse proxy (Cloudflare Tunnel, nginx, etc.) even when SESSION_SECURE_COOKIE
     * is not explicitly set in .env.
     */
    public function handle($request, \Closure $next)
    {
        return parent::handle($request, function ($request) use ($next) {
            // At this point proxy headers have been applied to the request,
            // so $request->secure() correctly reflects the actual protocol.
            if ($request->secure() && config('session.secure') === null) {
                config(['session.secure' => true]);
            }

            return $next($request);
        });
    }
}
init of v4 🌮 2023-03-17 14:33:48 +00:00			`<?php`

			`namespace App\Http\Middleware;`

			`use Illuminate\Http\Middleware\TrustProxies as Middleware;`
			`use Illuminate\Http\Request;`

			`class TrustProxies extends Middleware`
			`{`
			`/**`
			`* The trusted proxies for this application.`
			`*`
			`* @var array<int, string>\|string\|null`
			`*/`
asd? 2023-05-26 12:05:58 +00:00			`protected $proxies = '*';`
init of v4 🌮 2023-03-17 14:33:48 +00:00
			`/**`
			`* The headers that should be used to detect proxies.`
			`*`
			`* @var int`
			`*/`
			`protected $headers =`
Fix styling 2024-06-10 20:43:34 +00:00			`Request::HEADER_X_FORWARDED_FOR \|`
init of v4 🌮 2023-03-17 14:33:48 +00:00			`Request::HEADER_X_FORWARDED_HOST \|`
			`Request::HEADER_X_FORWARDED_PORT \|`
			`Request::HEADER_X_FORWARDED_PROTO \|`
			`Request::HEADER_X_FORWARDED_AWS_ELB;`
fix(subscription): harden quantity updates and proxy trust behavior Centralize min/max server limits in Stripe quantity updates and wire them into Livewire subscription actions with price preview/update handling. Also improve host/proxy middleware behavior by trusting loopback hosts when FQDN is set and auto-enabling secure session cookies for HTTPS requests behind proxies when session.secure is unset. Includes feature tests for loopback trust and secure cookie auto-detection. 2026-03-03 11:28:16 +00:00
			`/**`
			`* Handle the request.`
			`*`
			`* Wraps $next so that after proxy headers are resolved (X-Forwarded-Proto processed),`
			`* the Secure cookie flag is auto-enabled when the request is over HTTPS.`
			`* This ensures session cookies are correctly marked Secure when behind an HTTPS`
			`* reverse proxy (Cloudflare Tunnel, nginx, etc.) even when SESSION_SECURE_COOKIE`
			`* is not explicitly set in .env.`
			`*/`
			`public function handle($request, \Closure $next)`
			`{`
			`return parent::handle($request, function ($request) use ($next) {`
			`// At this point proxy headers have been applied to the request,`
			`// so $request->secure() correctly reflects the actual protocol.`
			`if ($request->secure() && config('session.secure') === null) {`
			`config(['session.secure' => true]);`
			`}`

			`return $next($request);`
			`});`
			`}`
init of v4 🌮 2023-03-17 14:33:48 +00:00			`}`