From 49532e1cd6550c4a4adfda25d39446f7dc0cc924 Mon Sep 17 00:00:00 2001
From: Lars Kajes
Date: Tue, 6 Apr 2021 06:56:25 +0200
Subject: [PATCH] Add option to force TLS connection (#9327)
Co-authored-by: Lars Kajes
---
 .env.example | 1 +
 app/Providers/AppServiceProvider.php | 10 +++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/.env.example b/.env.example
index 2edf4a6c1e..8d32e884af 100644
--- a/.env.example
+++ b/.env.example
@@ -144,6 +144,7 @@ APP_LOG=single
 APP_LOG_MAX_FILES=10
 APP_LOCKED=false
 APP_CIPHER=AES-256-CBC
+APP_FORCE_TLS=false
 GOOGLE_MAPS_API=
 LDAP_MEM_LIM=500M
 LDAP_TIME_LIM=600
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index 330d9738a0..36d1324f01 100644
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -16,6 +16,7 @@ use App\Observers\LicenseObserver;
 use App\Observers\SettingObserver;
 use Illuminate\Support\Facades\Schema;
 use Illuminate\Support\ServiceProvider;
+use Illuminate\Routing\UrlGenerator;
 /**
 * This service provider handles setting the observers on models
@@ -33,8 +34,15 @@ class AppServiceProvider extends ServiceProvider
 * @since [v3.0]
 * @return void
 */
- public function boot()
+ public function boot(UrlGenerator $url)
 {
+ if (env('APP_FORCE_TLS')) {
+ if (strpos(env('APP_URL'), 'https') === 0) {
+ $url->forceScheme('https');
+ } else {
+ \Log::warning("'APP_FORCE_TLS' is set to true, but 'APP_URL' does not start with 'https://'. Will not force TLS on connections.");
+ }
+ }
 Schema::defaultStringLength(191);
 Asset::observe(AssetObserver::class);
 Accessory::observe(AccessoryObserver::class);
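Review bot: Both `env('APP_FORCE_TLS')` and `env('APP_URL')` are read directly inside `boot()`, and in Laravel `env()` returns null outside the config files once the configuration is cached, so on such a deployment the option would be skipped silently with no warning logged. Reading the values through config avoids that, for example `if (config('app.force_tls')) {` (key name is a suggestion) populated from `env('APP_FORCE_TLS', false)` in the app config, with `config('app.url')` for the URL. The prefix test also accepts any value that merely starts with `https`, while the warning text speaks of `https://`; `strpos(config('app.url'), 'https://') === 0` would make the check and the message agree. A short comment above the block should state that `forceScheme('https')` only changes the scheme of generated URLs, so plain-HTTP requests are still served unless a redirect or HSTS is configured elsewhere, which this hunk does not show. The body of `boot()` continues past the end of the hunk.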