From a91f7aadf2eeb9a94c968bb934e3cd8ba8749144 Mon Sep 17 00:00:00 2001
From: ADReece <103013045+ADReece@users.noreply.github.com>
Date: Tue, 9 May 2023 14:27:09 +0100
Subject: [PATCH] Fix mixed content when using a load balancer (#127)

* Changed src/helpers.php

* Update swagger-lume.php config

added force_https config key.

* Updated swagger-lume.php config

Updated config file to conform to styling.

* Added unit tests

* Cleanup

* StyleCI Fixes

* Final cleanup

---------

Co-authored-by: R Mathieson <r.mathieson@oneandall.co.uk>
---
 config/swagger-lume.php  |  7 +++++++
 src/helpers.php          |  2 +-
 tests/ForceHttpsTest.php | 31 +++++++++++++++++++++++++++++++
 3 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 tests/ForceHttpsTest.php

diff --git a/config/swagger-lume.php b/config/swagger-lume.php
index 12674d8..07967b5 100644
--- a/config/swagger-lume.php
+++ b/config/swagger-lume.php
@@ -201,4 +201,11 @@
     'constants' => [
         'SWAGGER_LUME_CONST_HOST' => env('SWAGGER_LUME_CONST_HOST', 'http://my-default-host.com'),
     ],
+
+    /*
+    |--------------------------------------------------------------------------
+    | Force assets to be loaded over HTTPS (Solves mixed content errors when application is behind a load balancer.)
+    |--------------------------------------------------------------------------
+     */
+    'force_https' => env('SWAGGER_LUME_FORCE_HTTPS', false),
 ];
diff --git a/src/helpers.php b/src/helpers.php
index 2d50505..46076af 100644
--- a/src/helpers.php
+++ b/src/helpers.php
@@ -57,6 +57,6 @@ function swagger_lume_asset($asset)
             throw new SwaggerLumeException(sprintf('Requested L5 Swagger asset file (%s) does not exists', $asset));
         }
 
-        return route('swagger-lume.asset', ['asset' => $asset, 'v' => md5($file)], app('request')->secure());
+        return route('swagger-lume.asset', ['asset' => $asset, 'v' => md5($file)], config('swagger-lume.force_https')) ?? app('request')->secure();
     }
 }
diff --git a/tests/ForceHttpsTest.php b/tests/ForceHttpsTest.php
new file mode 100644
index 0000000..c3e7f07
--- /dev/null
+++ b/tests/ForceHttpsTest.php
@@ -0,0 +1,31 @@
+<?php
+
+namespace Tests;
+
+class ForceHttpsTest extends LumenTestCase
+{
+    /** @test */
+    public function defaultFromEnv()
+    {
+        $this->assertNull(env('SWAGGER_LUME_FORCE_HTTPS'));
+        $this->assertStringContainsString('http://', swagger_lume_asset('swagger-ui.css'));
+    }
+
+    /** @test */
+    public function forcesHttpsFromConfig()
+    {
+        config(['swagger-lume.force_https' => true]);
+
+        $this->assertStringContainsString('https://', swagger_lume_asset('swagger-ui.css'));
+
+        config(['swagger-lume.force_https' => false]);
+    }
+
+    /** @test */
+    public function doesNotForceHttpsFromConfig()
+    {
+        config(['swagger-lume.force_https' => false]);
+
+        $this->assertStringContainsString('http://', swagger_lume_asset('swagger-ui.css'));
+    }
+}