Merge pull request #19 from anhofmann/master

don't expose sessionID to other domains
iMi-digital · May 27, 2024 · 84ca625 · 84ca625
2 parents 5b75ebd + 548d895
commit 84ca625
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/src/UrlGeneratorService.php b/src/UrlGeneratorService.php
@@ -13,6 +13,11 @@ private function addSid(string $url, ?\Illuminate\Routing\Route $route = null):
             return $url;
         }
 
+        // Don't expose sessionID to other Domains
+        if(parse_url($url, PHP_URL_HOST) != parse_url(\Config::get('app.url'))) {
+            return $url;
+        }
+
         // Get the current query string and parameters
         $queryString = parse_url($url, PHP_URL_QUERY) ?? '';
         parse_str($queryString, $queryParameters);