From e1fe58639756cf7b232458eddd6978e4ed0031f5 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Mon, 20 Oct 2025 12:59:57 +0200
Subject: [PATCH] Changes auto-committed by Conductor

---
 app/Http/Middleware/TrustHosts.php            | 19 +++++++++++++++++++
 .../views/components/forms/datalist.blade.php |  4 ++--
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/app/Http/Middleware/TrustHosts.php b/app/Http/Middleware/TrustHosts.php
index 080b18acc..f0b9d67f2 100644
--- a/app/Http/Middleware/TrustHosts.php
+++ b/app/Http/Middleware/TrustHosts.php
@@ -30,6 +30,12 @@ public function handle(Request $request, $next)
             return $next($request);
         }
 
+        // Skip host validation if no FQDN is configured (initial setup)
+        $fqdnHost = Cache::get('instance_settings_fqdn_host');
+        if ($fqdnHost === '' || $fqdnHost === null) {
+            return $next($request);
+        }
+
         // For all other routes, use parent's host validation
         return parent::handle($request, $next);
     }
@@ -69,6 +75,19 @@ public function hosts(): array
             $trustedHosts[] = $fqdnHost;
         }
 
+        // Trust the APP_URL host itself (not just subdomains)
+        $appUrl = config('app.url');
+        if ($appUrl) {
+            try {
+                $appUrlHost = parse_url($appUrl, PHP_URL_HOST);
+                if ($appUrlHost && ! in_array($appUrlHost, $trustedHosts, true)) {
+                    $trustedHosts[] = $appUrlHost;
+                }
+            } catch (\Exception $e) {
+                // Ignore parse errors
+            }
+        }
+
         // Trust all subdomains of APP_URL as fallback
         $trustedHosts[] = $this->allSubdomainsOfApplicationUrl();
 
diff --git a/resources/views/components/forms/datalist.blade.php b/resources/views/components/forms/datalist.blade.php
index 05f6ca946..84eda9147 100644
--- a/resources/views/components/forms/datalist.blade.php
+++ b/resources/views/components/forms/datalist.blade.php
@@ -139,7 +139,7 @@ class="absolute z-50 w-full mt-1 bg-white dark:bg-coolgray-100 border border-neu
         </div>
     </template>
 
-    <template x-for="option in (filteredOptions || [])" :key="option.value">
+    <template x-for="(option, index) in (filteredOptions || [])" :key="option?.value || index">
         <div @click="toggleOption(option.value)"
             class="px-3 py-2 cursor-pointer hover:bg-neutral-100 dark:hover:bg-coolgray-200 flex items-center gap-3"
             :class="{ 'bg-neutral-50 dark:bg-coolgray-300': isSelected(option.value) }">
@@ -268,7 +268,7 @@ class="absolute z-50 w-full mt-1 bg-white dark:bg-coolgray-100 border border-neu
             </div>
         </template>
 
-        <template x-for="option in (filteredOptions || [])" :key="option.value">
+        <template x-for="(option, index) in (filteredOptions || [])" :key="option?.value || index">
             <div @click="selectOption(option.value)"
                 class="px-3 py-2 cursor-pointer hover:bg-neutral-100 dark:hover:bg-coolgray-200"
                 :class="{ 'bg-neutral-50 dark:bg-coolgray-300': selected == option.value }">