fix: drop URL::forceRootUrl (Livewire/CSRF break on tenant subdomains)
forceRootUrl forces ALL generated URLs to APP_URL (service.mir.md).
On psauto.service.mir.md, Livewire-generated POST URLs targeted
service.mir.md instead of psauto, so CSRF/session cookies didn't
match → silent auth failure.
Keep forceScheme('https') so Cloudflare → Traefik → Octane proxy
chain doesn't generate http:// links, but let Laravel use the
actual request host for everything else.
Also: TextInput->lowercase() removed (not in Filament v5);
slug uses dehydrateStateUsing(strtolower) + visual CSS lowercase.
This commit is contained in:
@@ -34,9 +34,10 @@ class CompanyResource extends Resource
|
|||||||
Forms\Components\TextInput::make('slug')
|
Forms\Components\TextInput::make('slug')
|
||||||
->required()
|
->required()
|
||||||
->alphaDash()
|
->alphaDash()
|
||||||
->lowercase()
|
|
||||||
->maxLength(30)
|
->maxLength(30)
|
||||||
->unique(ignoreRecord: true)
|
->unique(ignoreRecord: true)
|
||||||
|
->dehydrateStateUsing(fn ($state) => strtolower((string) $state))
|
||||||
|
->extraInputAttributes(['style' => 'text-transform: lowercase'])
|
||||||
->helperText('Subdomeniul: <slug>.service.mir.md'),
|
->helperText('Subdomeniul: <slug>.service.mir.md'),
|
||||||
Forms\Components\TextInput::make('name')->required()->maxLength(120),
|
Forms\Components\TextInput::make('name')->required()->maxLength(120),
|
||||||
Forms\Components\TextInput::make('display_name')->maxLength(120),
|
Forms\Components\TextInput::make('display_name')->maxLength(120),
|
||||||
|
|||||||
@@ -16,9 +16,10 @@ class AppServiceProvider extends ServiceProvider
|
|||||||
public function boot(): void
|
public function boot(): void
|
||||||
{
|
{
|
||||||
// Behind a TLS-terminating proxy (Cloudflare → Coolify Traefik → Octane).
|
// Behind a TLS-terminating proxy (Cloudflare → Coolify Traefik → Octane).
|
||||||
|
// Force https on URL generation, but DON'T force root URL — each tenant
|
||||||
|
// subdomain must keep its own host so Livewire/CSRF work per-tenant.
|
||||||
if (! $this->app->runningInConsole() && (str_starts_with(config('app.url'), 'https://') || env('FORCE_HTTPS'))) {
|
if (! $this->app->runningInConsole() && (str_starts_with(config('app.url'), 'https://') || env('FORCE_HTTPS'))) {
|
||||||
URL::forceScheme('https');
|
URL::forceScheme('https');
|
||||||
URL::forceRootUrl(config('app.url'));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user