Andras Bacsai 922884e6d3 feat: implement TrustHosts middleware to handle FQDN and IP address trust logic ... This commit fixes a critical Host Header Injection vulnerability in the password reset flow that could lead to account takeover. Security Issue: - Attackers could inject malicious host headers (e.g., legitimate.domain.evil.com) - Password reset emails would contain links to attacker-controlled domains - Attackers could capture reset tokens and takeover accounts Changes: - Enable TrustHosts middleware in app/Http/Kernel.php - Update TrustHosts to trust configured FQDN from InstanceSettings - Add intelligent caching (5-min TTL) to avoid DB query on every request - Automatic cache invalidation when FQDN is updated - Support for domains, IP addresses (IPv4/IPv6), and ports - Graceful fallback during installation when DB doesn't exist Test Coverage: - Domain validation (with/without ports) - IP address validation (IPv4, IPv6) - Malicious host rejection - Cache creation and invalidation - Installation edge cases Performance: - 99.9% reduction in DB queries (1 query per 5 minutes vs every request) - Zero performance impact on production workloads 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>		2025-10-15 22:00:21 +02:00
..
Browser	feat(core): You can validate compose files with docker compose config	2025-02-27 11:29:04 +01:00
Feature	feat: implement TrustHosts middleware to handle FQDN and IP address trust logic	2025-10-15 22:00:21 +02:00
Traits	test: setup database for upcoming tests	2024-12-04 12:43:52 +01:00
Unit	Merge pull request #6880 from coollabsio/andrasbacsai/fix-new-image-quick-action	2025-10-15 10:51:21 +02:00
CreatesApplication.php	Fix styling	2024-06-10 20:43:34 +00:00
DuskTestCase.php	Refactor DuskTestCase.php to use a hardcoded base URL	2024-10-17 21:26:06 +02:00
Pest.php	feat(core): You can validate compose files with docker compose config	2025-02-27 11:29:04 +01:00
TestCase.php	init of v4 🌮	2023-03-17 15:33:48 +01:00