[11.x] Fix Middleware::trustHosts(subdomains: true)
#50877
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
amaralis
added a commit
to amaralis/laravel-docs
that referenced
this pull request
Aug 15, 2024
…ion file Document the fix from laravel/framework#50877, triggered by issue laravel/framework#50845
taylorotwell
added a commit
to laravel/docs
that referenced
this pull request
Aug 15, 2024
* Add trustHosts() documentation when hosts are fetched from configuration file Document the fix from laravel/framework#50877, triggered by issue laravel/framework#50845 * Update requests.md --------- Co-authored-by: Taylor Otwell <taylor@laravel.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #50845
This PR fixes 2 problems with
Middleware::trustHosts():8e0eb64:
When
Middleware::trustHosts()is called with hosts (e.g.$middleware->trustHosts(['127.0.0.1'])) it immediately tries to configure theTrustHostsmiddleware. TheTrustHostsmiddleware itself is reliant on the application's config, so it cannot be configured this early in the bootstrapping process. This is fixed by only setting what we need to do, but not doing it until a request happens.a6171fd:
Its not uncommon to rely on certain container services when deciding on what hosts to trust, but because the
Middleware::trustHosts()method only accepts an already resolved array and happens so early in the bootstrapping process we cannot use those services yet.This is fixed by allowing developers to pass a callback that "lazily" resolves the hosts. This enables the following: