fix: drop URL::forceRootUrl (Livewire/CSRF break on tenant subdomains)
forceRootUrl forces ALL generated URLs to APP_URL (service.mir.md).
On psauto.service.mir.md, Livewire-generated POST URLs targeted
service.mir.md instead of psauto, so CSRF/session cookies didn't
match → silent auth failure.
Keep forceScheme('https') so Cloudflare → Traefik → Octane proxy
chain doesn't generate http:// links, but let Laravel use the
actual request host for everything else.
Also: TextInput->lowercase() removed (not in Filament v5);
slug uses dehydrateStateUsing(strtolower) + visual CSS lowercase.
This commit is contained in:
@@ -16,9 +16,10 @@ class AppServiceProvider extends ServiceProvider
|
||||
public function boot(): void
|
||||
{
|
||||
// Behind a TLS-terminating proxy (Cloudflare → Coolify Traefik → Octane).
|
||||
// Force https on URL generation, but DON'T force root URL — each tenant
|
||||
// subdomain must keep its own host so Livewire/CSRF work per-tenant.
|
||||
if (! $this->app->runningInConsole() && (str_starts_with(config('app.url'), 'https://') || env('FORCE_HTTPS'))) {
|
||||
URL::forceScheme('https');
|
||||
URL::forceRootUrl(config('app.url'));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user