URL used in Response class does not respect HTTP_X_FORWARDED_PREFIX header

[lmjhs]

When using a reverse proxy to remove the path prefix from a URL, the url property sent with the inertia response does not respect the HTTP_X_FORWARDED_PREFIX header. This causes the browser history pushState to be rewritten to the wrong URL.

For example:

• Initial Request: http://example.com/v2/login
• Reverse proxy strips v2 prefix: http://example.com/login
• Intertia response url: /login
• Browser URL rewritten to: http://example.com/login

Changing 'url' => $request->getRequestUri() to 'url' => $request->fullUrl() in Inertia\Response seems to solve the problem as this will create a full url including the HTTP_X_FORWARDED_PREFIX header.

However there may be a more elegant solution?

[herpaderpaldent]

This does not seem to be an inertia issue. Assuming you are using laravel (hence this repo) have you set, have you configured the ThrustProxies to trust any proxy?
maybe this is a good read for you: https://michielkempen.com/blog/generate-https-urls-when-running-laravel-behind-a-proxy

[lmjhs]

Thanks @herpaderpaldent for your quick reply.

Sorry yes this is in a Laravel project and yes I have already configured to TrustProxies so URL generation is working correctly. Redirects work correctly but when I hit a page managed by Inertia it then updates the pushState in the browser to the URL sent in the Response payload. So the page at first works correctly but if the user refreshes the page it is now on the wrong page.

The issue is that Inertia is not using the same functions as Laravel for generating the URL in the response. By using the getRequestUri() method it only returns the path and not the fully formed URL using the HTTP_X_FORWARDED_PREFIX header. My suggestion is that by changing that to use the fullUrl() method it would include it and from some initial testing appears to fix the problem. However I think that will return the domain as well as the path so not sure if that would cause any other issues?

[garagepoort]

Hello,

I seem to have the same problem. I've setup a reverse proxy to redirect to a specific subpath of the laravel application.
This works fine but the inertia response includes the full path in it's response.

Then the js frontend updates the browser history to include the full path.
So for example I navigate to https://myexample.com/
Nginx proxies to https://mylaravelapp.com/app/143716
Inertia updates the browser history to: https://myexample.com/app/143716.
While I would expect my url in browser would just remain https://myexample.com/.
In the response I can see that inertia included the full path rather keeping the original requested path.

Not sure if I am missing a header that needs to be passed to laravel for this to work?

[vitordaniel31]

@lmjhs I had a same problem. Do you have a elegant solution for this?

[jessarcher]

I believe this was solved in #333, although that potentially introduced another bug (#359).

Note that in addition to configuring the trusted proxy, the X_FORWARDED_PREFIX header has to be allowed in the app/Http/Middleware/TrustProxies.php middleware:

      protected $headers =
          Request::HEADER_X_FORWARDED_FOR |
          Request::HEADER_X_FORWARDED_HOST |
          Request::HEADER_X_FORWARDED_PORT |
          Request::HEADER_X_FORWARDED_PROTO |
+         Request::HEADER_X_FORWARDED_PREFIX |
          Request::HEADER_X_FORWARDED_AWS_ELB;