fix: drop URL::forceRootUrl (Livewire/CSRF break on tenant subdomains)
forceRootUrl forces ALL generated URLs to APP_URL (service.mir.md).
On psauto.service.mir.md, Livewire-generated POST URLs targeted
service.mir.md instead of psauto, so CSRF/session cookies didn't
match → silent auth failure.
Keep forceScheme('https') so Cloudflare → Traefik → Octane proxy
chain doesn't generate http:// links, but let Laravel use the
actual request host for everything else.
Also: TextInput->lowercase() removed (not in Filament v5);
slug uses dehydrateStateUsing(strtolower) + visual CSS lowercase.
This commit is contained in:
@@ -34,9 +34,10 @@ class CompanyResource extends Resource
|
||||
Forms\Components\TextInput::make('slug')
|
||||
->required()
|
||||
->alphaDash()
|
||||
->lowercase()
|
||||
->maxLength(30)
|
||||
->unique(ignoreRecord: true)
|
||||
->dehydrateStateUsing(fn ($state) => strtolower((string) $state))
|
||||
->extraInputAttributes(['style' => 'text-transform: lowercase'])
|
||||
->helperText('Subdomeniul: <slug>.service.mir.md'),
|
||||
Forms\Components\TextInput::make('name')->required()->maxLength(120),
|
||||
Forms\Components\TextInput::make('display_name')->maxLength(120),
|
||||
|
||||
@@ -16,9 +16,10 @@ class AppServiceProvider extends ServiceProvider
|
||||
public function boot(): void
|
||||
{
|
||||
// Behind a TLS-terminating proxy (Cloudflare → Coolify Traefik → Octane).
|
||||
// Force https on URL generation, but DON'T force root URL — each tenant
|
||||
// subdomain must keep its own host so Livewire/CSRF work per-tenant.
|
||||
if (! $this->app->runningInConsole() && (str_starts_with(config('app.url'), 'https://') || env('FORCE_HTTPS'))) {
|
||||
URL::forceScheme('https');
|
||||
URL::forceRootUrl(config('app.url'));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user