Merge pull request #139 from rjchauhan/2.x

[2.x] 419 Exception with requests without referrer
laravel · May 11, 2020 · 8efcb0b · 8efcb0b
2 parents 0c76899 + ca5b442
commit 8efcb0b
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php b/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php
@@ -58,7 +58,9 @@ public static function fromFrontend($request)
 
         $referer = Str::replaceFirst('http://', '', $referer);
 
-        return Str::startsWith($referer, config('sanctum.stateful', [])) ||
-               Str::is(config('sanctum.stateful', []), $referer);
+        $stateful = array_filter(config('sanctum.stateful', []));
+
+        return Str::startsWith($referer, $stateful) ||
+               Str::is($stateful, $referer);
     }
 }
diff --git a/tests/EnsureFrontendRequestsAreStatefulTest.php b/tests/EnsureFrontendRequestsAreStatefulTest.php
@@ -35,6 +35,15 @@ public function test_wildcard_matching()
         $this->assertTrue(EnsureFrontendRequestsAreStateful::fromFrontend($request));
     }
 
+    public function test_requests_are_not_stateful_without_referer()
+    {
+        $this->app['config']->set('sanctum.stateful', ['']);
+
+        $request = Request::create('/');
+
+        $this->assertFalse(EnsureFrontendRequestsAreStateful::fromFrontend($request));
+    }
+
     protected function getPackageProviders($app)
     {
         return [SanctumServiceProvider::class];