Fix mixed content when using a load balancer (#127)

* Changed src/helpers.php * Update swagger-lume.php config added force_https config key. * Updated swagger-lume.php config Updated config file to conform to styling. * Added unit tests * Cleanup * StyleCI Fixes * Final cleanup --------- Co-authored-by: R Mathieson <[email protected]>
DarkaOnLine · May 9, 2023 · a91f7aa · a91f7aa
1 parent 45e0d0f
commit a91f7aa
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 1 deletion.
diff --git a/config/swagger-lume.php b/config/swagger-lume.php
@@ -201,4 +201,11 @@
     'constants' => [
         'SWAGGER_LUME_CONST_HOST' => env('SWAGGER_LUME_CONST_HOST', 'http://my-default-host.com'),
     ],
+
+    /*
+    |--------------------------------------------------------------------------
+    | Force assets to be loaded over HTTPS (Solves mixed content errors when application is behind a load balancer.)
+    |--------------------------------------------------------------------------
+     */
+    'force_https' => env('SWAGGER_LUME_FORCE_HTTPS', false),
 ];
diff --git a/src/helpers.php b/src/helpers.php
@@ -57,6 +57,6 @@ function swagger_lume_asset($asset)
             throw new SwaggerLumeException(sprintf('Requested L5 Swagger asset file (%s) does not exists', $asset));
         }
 
-        return route('swagger-lume.asset', ['asset' => $asset, 'v' => md5($file)], app('request')->secure());
+        return route('swagger-lume.asset', ['asset' => $asset, 'v' => md5($file)], config('swagger-lume.force_https')) ?? app('request')->secure();
     }
 }
diff --git a/tests/ForceHttpsTest.php b/tests/ForceHttpsTest.php
@@ -0,0 +1,31 @@
+<?php
+
+namespace Tests;
+
+class ForceHttpsTest extends LumenTestCase
+{
+    /** @test */
+    public function defaultFromEnv()
+    {
+        $this->assertNull(env('SWAGGER_LUME_FORCE_HTTPS'));
+        $this->assertStringContainsString('http://', swagger_lume_asset('swagger-ui.css'));
+    }
+
+    /** @test */
+    public function forcesHttpsFromConfig()
+    {
+        config(['swagger-lume.force_https' => true]);
+
+        $this->assertStringContainsString('https://', swagger_lume_asset('swagger-ui.css'));
+
+        config(['swagger-lume.force_https' => false]);
+    }
+
+    /** @test */
+    public function doesNotForceHttpsFromConfig()
+    {
+        config(['swagger-lume.force_https' => false]);
+
+        $this->assertStringContainsString('http://', swagger_lume_asset('swagger-ui.css'));
+    }
+}