fix: use getHost() for proper host comparison in safe mode

2026-04-03 10:30:51 +08:00 · 2026-03-28 15:49:27 +08:00
parent 23294c1f93
commit bbc96a18bc
1 changed files with 4 additions and 1 deletions
--- a/routes/web.php
+++ b/routes/web.php
@@ -21,7 +21,10 @@ use Illuminate\Support\Facades\File;

 Route::get('/', function (Request $request) {
    if (admin_setting('app_url') && admin_setting('safe_mode_enable', 0)) {
-        if ($request->server('HTTP_HOST') !== parse_url(admin_setting('app_url'))['host']) {
+        $requestHost = $request->getHost();
+        $configHost = parse_url(admin_setting('app_url'), PHP_URL_HOST);
+        
+        if ($requestHost !== $configHost) {
            abort(403);
        }
    }