From bbc96a18bc7b24a0e77edbc3a83c63d7904cb793 Mon Sep 17 00:00:00 2001
From: xboard <xboard@xboard.one>
Date: Sat, 28 Mar 2026 15:49:27 +0800
Subject: [PATCH] fix: use getHost() for proper host comparison in safe mode

---
 routes/web.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/routes/web.php b/routes/web.php
index 76091cc..abdc1e9 100755
--- a/routes/web.php
+++ b/routes/web.php
@@ -21,7 +21,10 @@ use Illuminate\Support\Facades\File;
 
 Route::get('/', function (Request $request) {
     if (admin_setting('app_url') && admin_setting('safe_mode_enable', 0)) {
-        if ($request->server('HTTP_HOST') !== parse_url(admin_setting('app_url'))['host']) {
+        $requestHost = $request->getHost();
+        $configHost = parse_url(admin_setting('app_url'), PHP_URL_HOST);
+        
+        if ($requestHost !== $configHost) {
             abort(403);
         }
     }