From: Dan Brown <redacted>
Date: Wed, 11 May 2022 15:46:59 +0000 (+0100)
Subject: Updated default value for secure session detection
X-Git-Tag: v22.06~1^2~28
X-Git-Url: http://source.bookstackapp.com/bookstack/commitdiff_plain/f0218232876247e9101abb3ca4591bd0ae4b7a7a?ds=inline

Updated default value for secure session detection

Updated default value for APP_URL so that the startsWith call is not
passed null, since that causes deprecation notice in PHP8.1.
Would show when APP_URL was not set, adding extra confusiion.
---

diff --git a/app/Config/session.php b/app/Config/session.php
index 4bbb78901..a00d75807 100644
--- a/app/Config/session.php
+++ b/app/Config/session.php
@@ -72,7 +72,7 @@ return [
     // to the server if the browser has a HTTPS connection. This will keep
     // the cookie from being sent to you if it can not be done securely.
     'secure' => env('SESSION_SECURE_COOKIE', null)
-        ?? Str::startsWith(env('APP_URL'), 'https:'),
+        ?? Str::startsWith(env('APP_URL', ''), 'https:'),
 
     // HTTP Access Only
     // Setting this value to true will prevent JavaScript from accessing the