D5517.1775214735.diff
No OneTemporary
Actions

Authored By

Unknown

Size

2 KB

Referenced Files

None

Subscribers

None

D5517.1775214735.diff
View Options

	diff --git a/src/app/Http/Kernel.php b/src/app/Http/Kernel.php
	--- a/src/app/Http/Kernel.php
	+++ b/src/app/Http/Kernel.php
	@@ -3,6 +3,7 @@
	namespace App\Http;

	use App\Http\Middleware\AllowedHosts;
	+use App\Http\Middleware\DisallowedHosts;
	use App\Http\Middleware\Authenticate;
	use App\Http\Middleware\AuthenticateAdmin;
	use App\Http\Middleware\AuthenticateReseller;
	@@ -95,7 +96,7 @@
	'verified' => EnsureEmailIsVerified::class,
	'scopes' => CheckScopes::class,
	'scope' => CheckForAnyScope::class,
	- 'allowedHosts' => AllowedHosts::class,
	+ 'disallowedHosts' => DisallowedHosts::class,
	'regularHosts' => RegularHosts::class,
	];
	}
	diff --git a/src/app/Http/Middleware/DisallowedHosts.php b/src/app/Http/Middleware/DisallowedHosts.php
	new file mode 100644
	--- /dev/null
	+++ b/src/app/Http/Middleware/DisallowedHosts.php
	@@ -0,0 +1,26 @@
	+<?php
	+
	+namespace App\Http\Middleware;
	+
	+use Illuminate\Http\Request;
	+
	+class DisallowedHosts
	+{
	+ /**
	+ * Handle an incoming request.
	+ *
	+ * @param Request $request
	+ *
	+ * @return mixed
	+ */
	+ public function handle($request, \Closure $next)
	+ {
	+ $disallowedDomains = \config('app.services_disallowed_domains');
	+ if (in_array(request()->getHost(), $disallowedDomains)) {
	+ \Log::info("Host not allowed " . request()->getHost());
	+ abort(404);
	+ }
	+
	+ return $next($request);
	+ }
	+}
	diff --git a/src/config/app.php b/src/config/app.php
	--- a/src/config/app.php
	+++ b/src/config/app.php
	@@ -102,6 +102,15 @@
	)
	)),

	+ // Restrict over which domains the services paths can be accessed.
	+ 'services_disallowed_domains' => explode(',', env(
	+ 'APP_SERVICES_DISALLOWED_DOMAINS',
	+ env(
	+ 'APP_WEBSITE_DOMAIN',
	+ env('APP_DOMAIN', 'domain.tld')
	+ )
	+ )),
	+
	/*
	\|--------------------------------------------------------------------------
	\| Application Timezone
	diff --git a/src/routes/api.php b/src/routes/api.php
	--- a/src/routes/api.php
	+++ b/src/routes/api.php
	@@ -293,7 +293,7 @@
	if (\config('app.with_services')) {
	Route::group(
	[
	- 'middleware' => ['allowedHosts'],
	+ 'middleware' => ['disallowedHosts'],
	'prefix' => 'webhooks',
	],
	static function () {

File Metadata

Mime Type: text/plain
Expires: Fri, Apr 3, 11:12 AM (1 d, 2 h ago)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 18823780
Default Alt Text: D5517.1775214735.diff (2 KB)

D5517.1775214735.diffNo OneTemporaryActions

D5517.1775214735.diffView Options

File Metadata

Event Timeline

D5517.1775214735.diff
No OneTemporary
Actions

D5517.1775214735.diff
View Options