Fix unsecure redirect code.

2025-02-25 18:45:27 -06:00 · 2021-10-02 13:28:56 +02:00
parent 4e84a5c40c
commit 8662dfa4c0
3 changed files with 58 additions and 2 deletions
--- a/app/Http/Middleware/StartFireflySession.php
+++ b/app/Http/Middleware/StartFireflySession.php
@@ -45,7 +45,6 @@ class StartFireflySession extends StartSession
        $url          = $request->fullUrl();
        $forbiddenWords = strpos($url, 'offline') || strpos($url, 'jscript') || strpos($url, 'delete') || strpos($url, '/login') || strpos($url, '/json') || strpos($url, 'serviceworker') || strpos($url, '/attachments/view');

-        // also stop remembering "delete" URL's.
        if (false === $forbiddenWords
            && 'GET' === $request->method()
            && !$request->ajax()) {