From 4f5917645b367f3895f109826df5631a614c4877 Mon Sep 17 00:00:00 2001
From: Tony Messias <tonyzrp@gmail.com>
Date: Fri, 18 Oct 2019 17:45:52 -0300
Subject: [PATCH] Allow using the signed route middleware with relative signed
 URLs.

---
 .../Routing/Middleware/ValidateSignature.php      |  6 ++++--
 tests/Integration/Routing/UrlSigningTest.php      | 15 +++++++++++++++
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/src/Illuminate/Routing/Middleware/ValidateSignature.php b/src/Illuminate/Routing/Middleware/ValidateSignature.php
index 85de9a24aab4..c3eedd35955a 100644
--- a/src/Illuminate/Routing/Middleware/ValidateSignature.php
+++ b/src/Illuminate/Routing/Middleware/ValidateSignature.php
@@ -12,13 +12,15 @@ class ValidateSignature
      *
      * @param  \Illuminate\Http\Request  $request
      * @param  \Closure  $next
+     * @param  \string|\null $relative Should be the word "relative" or null.
      * @return \Illuminate\Http\Response
      *
      * @throws \Illuminate\Routing\Exceptions\InvalidSignatureException
      */
-    public function handle($request, Closure $next)
+    public function handle($request, Closure $next, $relative = null)
     {
-        if ($request->hasValidSignature()) {
+        // Consumers of the middleware can use the syntax "signed:relative".
+        if ($request->hasValidSignature($relative !== 'relative')) {
             return $next($request);
         }
 
diff --git a/tests/Integration/Routing/UrlSigningTest.php b/tests/Integration/Routing/UrlSigningTest.php
index 730006611a70..b5b302e4fe0a 100644
--- a/tests/Integration/Routing/UrlSigningTest.php
+++ b/tests/Integration/Routing/UrlSigningTest.php
@@ -85,6 +85,21 @@ public function testSignedMiddlewareWithRoutableParameter()
         $this->assertIsString($url = URL::signedRoute('foo', $model));
         $this->assertSame('routable', $this->get($url)->original);
     }
+
+    public function testSignedUrlMiddlewareWithRelativePath()
+    {
+        Route::get('/foo/ipsum', function () {
+            return 'works';
+        })->name('foo')->middleware('signed:relative');
+
+        $this->assertEquals(
+            'works',
+            $this->get(url('https://fake.test'.URL::signedRoute('foo', [], null, false)))->original
+        );
+
+        $response = $this->get('/foo/ipsum');
+        $response->assertStatus(403);
+    }
 }
 
 class RoutableInterfaceStub implements UrlRoutable