Skip to content

Commit

Permalink
fix: force_https() redirects to wrong URL
Browse files Browse the repository at this point in the history
  • Loading branch information
kenjis committed Nov 14, 2023
1 parent e56e460 commit d59fdaa
Showing 1 changed file with 2 additions and 18 deletions.
20 changes: 2 additions & 18 deletions system/Common.php
Original file line number Diff line number Diff line change
Expand Up @@ -502,27 +502,11 @@ function force_https(
Services::session()->regenerate(); // @codeCoverageIgnore
}

$baseURL = config(App::class)->baseURL;

if (strpos($baseURL, 'https://') === 0) {
$authority = substr($baseURL, strlen('https://'));
} elseif (strpos($baseURL, 'http://') === 0) {
$authority = substr($baseURL, strlen('http://'));
} else {
$authority = $baseURL;
}

$uri = URI::createURIString(
'https',
$authority,
$request->getUri()->getPath(), // Absolute URIs should use a "/" for an empty path
$request->getUri()->getQuery(),
$request->getUri()->getFragment()
);
$uri = $request->getUri()->withScheme('https');

// Set an HSTS header
$response->setHeader('Strict-Transport-Security', 'max-age=' . $duration)
->redirect($uri)
->redirect((string) $uri)
->setStatusCode(307)
->setBody('')
->getCookieStore()
Expand Down

0 comments on commit d59fdaa

Please sign in to comment.