mama/star-erp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 強制應用層 HTTPS (解決 Mixed Content 分頁問題)
All checks were successful
Koori-ERP-Deploy-System / deploy-demo (push) Has been skipped
Details
Koori-ERP-Deploy-System / deploy-production (push) Successful in 52s
Details

Browse Source
This commit is contained in:
sky121113
2026-02-02 14:51:27 +08:00
parent 6204f0d915
commit 8a34aae312
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/Providers/AppServiceProvider.php
View File

@@ -18,9 +18,17 @@ class AppServiceProvider extends ServiceProvider
public function boot(): void
{
// 如果是在正式環境或 APP_URL 是 https強制轉為 https
if ($this->app->environment('production') || str_contains(config('app.url'), 'https')) {
// 強制 HTTPS 檢測邏輯 (包含 Cloudflare/Load Balancer 支援)
$isHttps = $this->app->environment('production')
|| str_contains(config('app.url'), 'https')
|| request()->header('x-forwarded-proto') === 'https'
|| request()->server('HTTPS') === 'on';
if ($isHttps) {
URL::forceScheme('https');
// 強制讓 Request 物件認為自己是安全連線 (解決 Paginator 或 Request::secure() 判斷問題)
request()->server->set('HTTPS', 'on');
}
// 隱含授權:讓 "super-admin" 角色擁有所有權限