From 5f556ebf8067c2b2cf3d4bb15aaa814b3fc12b29 Mon Sep 17 00:00:00 2001
From: "Mr.Chung" <39075420+zhongshaofa@users.noreply.github.com>
Date: Thu, 16 Sep 2021 13:09:18 +0800
Subject: [PATCH] =?UTF-8?q?=20[fix]=E4=BF=AE=E5=A4=8D=E5=BD=93=E5=9F=9F?= =?UTF-8?q?=E5=90=8D=E5=B8=A6=E6=9C=89=E7=AB=AF=E5=8F=A3=E6=97=B6=EF=BC=8C?= =?UTF-8?q?REFERER=E9=AA=8C=E8=AF=81=E5=A4=B1=E8=B4=A5=E7=9A=84=E9=97=AE?= =?UTF-8?q?=E9=A2=98=20(#103)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* [fix]edit env example file type
* [fix]修复域名中带有端口时,REFERER安全验证失败的问题
---
 .example.env | 43 ++++++++++++++++++++++++-
 app/admin/middleware/CsrfMiddleware.php | 4 +--
 2 files changed, 44 insertions(+), 3 deletions(-)
diff --git a/.example.env b/.example.env
index ee1d0bbe..eac97f0b 100644
--- a/.example.env
+++ b/.example.env
@@ -1 +1,42 @@
-APP_DEBUG=true [APP] DEFAULT_TIMEZONE=Asia/Shanghai [DATABASE] TYPE=mysql HOSTNAME=host.docker.internal DATABASE=easyadmin USERNAME=root PASSWORD=root HOSTPORT=3306 CHARSET=utf8 DEBUG=true PREFIX=ea_ [LANG] default_lang=zh-cn # 后台配置项组 [EASYADMIN] # 后台地址后缀名称 ADMIN=admin # 后台登录验证码开关 CAPTCHA=true # 是否为演示环境 IS_DEMO=true # CDN配置项组 CDN= EXAMPLE=true # 是否开启CSRF过滤 IS_CSRF=true # 静态文件路径前缀 STATIC_PATH=/static # OSS静态文件路径前缀 OSS_STATIC_PREFIX=static_easyadmin
\ No newline at end of file
+APP_DEBUG=true
+
+[APP]
+DEFAULT_TIMEZONE=Asia/Shanghai
+
+[DATABASE]
+TYPE=mysql
+HOSTNAME=host.docker.internal
+DATABASE=easyadmin
+USERNAME=root
+PASSWORD=root
+HOSTPORT=3306
+CHARSET=utf8
+DEBUG=true
+PREFIX=ea_
+
+[LANG]
+default_lang=zh-cn
+
+# 后台配置项组
+[EASYADMIN]
+# 后台地址后缀名称
+ADMIN=admin
+
+# 后台登录验证码开关
+CAPTCHA=true
+
+# 是否为演示环境
+IS_DEMO=true
+
+# CDN配置项组
+CDN=
+EXAMPLE=true
+
+# 是否开启CSRF过滤
+IS_CSRF=true
+
+# 静态文件路径前缀
+STATIC_PATH=/static
+
+# OSS静态文件路径前缀
+OSS_STATIC_PREFIX=static_easyadmin
diff --git a/app/admin/middleware/CsrfMiddleware.php b/app/admin/middleware/CsrfMiddleware.php
index 6ba1aed4..b61d4ee6 100644
--- a/app/admin/middleware/CsrfMiddleware.php
+++ b/app/admin/middleware/CsrfMiddleware.php
@@ -31,7 +31,7 @@ public function handle(Request $request, \Closure $next)
 // 跨域校验
 $refererUrl = $request->header('REFERER', null);
 $refererInfo = parse_url($refererUrl);
- $host = $request->host();
+ $host = $request->host(true);
 if (!isset($refererInfo['host']) || $refererInfo['host'] != $host) {
 $this->error('当前请求不合法!');
 }
@@ -50,4 +50,4 @@ public function handle(Request $request, \Closure $next)
 }
 return $next($request);
 }
-}
\ No newline at end of file
+}
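Review bot: The Referer test at `$refererInfo['host'] != $host` no longer considers the port at all: `parse_url()` returns the port under a separate `port` key, and `host(true)` appears (going by the commit subject) to return the host name with the port stripped, so a page served from a different port on the same host name now passes this check. If the port is meant to be part of the same-origin test, rebuild the Referer authority and compare it against the unstripped host, e.g. `$refererHost = ($refererInfo['host'] ?? '') . (isset($refererInfo['port']) ? ':' . $refererInfo['port'] : '');` followed by `if ($refererHost !== $request->host()) {`. Independently of that, the loose `!=` should be `!==` so two numeric-looking host strings are never compared by numeric value. `handle()` starts and ends outside the hunk, so whether a token check backs up this Referer test cannot be confirmed from the lines shown.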