From 8ff98502aabbd58648b67e73d81d55fd1880ea51 Mon Sep 17 00:00:00 2001
From: Raviraj Chauhan
Date: Sat, 9 May 2020 16:12:28 +0530
Subject: [PATCH 1/2] requests are not stateful without referer
---
 .../Middleware/EnsureFrontendRequestsAreStateful.php | 4 ++++
 tests/EnsureFrontendRequestsAreStatefulTest.php | 9 +++++++++
 2 files changed, 13 insertions(+)
diff --git a/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php b/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php
index fe85d8c0..912ac6a9 100644
--- a/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php
+++ b/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php
@@ -58,6 +58,10 @@ public static function fromFrontend($request)
 $referer = Str::replaceFirst('http://', '', $referer);
+ if (is_null($referer)) {
+ return false;
+ }
+
 return Str::startsWith($referer, config('sanctum.stateful', [])) ||
 Str::is(config('sanctum.stateful', []), $referer);
 }
diff --git a/tests/EnsureFrontendRequestsAreStatefulTest.php b/tests/EnsureFrontendRequestsAreStatefulTest.php
index 88858cfa..1a72aa53 100644
--- a/tests/EnsureFrontendRequestsAreStatefulTest.php
+++ b/tests/EnsureFrontendRequestsAreStatefulTest.php
@@ -35,6 +35,15 @@ public function test_wildcard_matching()
 $this->assertTrue(EnsureFrontendRequestsAreStateful::fromFrontend($request));
 }
+ public function test_requests_are_not_stateful_without_referer()
+ {
+ $this->app['config']->set('sanctum.stateful', ['']);
+
+ $request = Request::create('/');
+
+ $this->assertFalse(EnsureFrontendRequestsAreStateful::fromFrontend($request));
+ }
+
 protected function getPackageProviders($app)
 {
 return [SanctumServiceProvider::class];
From ca5b442eb72673fcfe703aae09d31e04fe6be178 Mon Sep 17 00:00:00 2001
From: Raviraj Chauhan
Date: Sat, 9 May 2020 16:22:10 +0530
Subject: [PATCH 2/2] removed blank string values from stateful
---
 src/Http/Middleware/EnsureFrontendRequestsAreStateful.php | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
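Review bot: The added `is_null($referer)` guard catches only a missing header and runs after `Str::replaceFirst`, so it works only if that helper hands a null subject back unchanged, and a Referer that is present but empty still reaches `Str::is` alongside a blank `sanctum.stateful` entry, which presumably matches. Treating the empty string like null, and doing so before the value is normalised, would close both gaps: `if ($referer === null || $referer === '') { return false; }`. The test added in tests/EnsureFrontendRequestsAreStatefulTest.php exercises only the absent-header case. The start of fromFrontend() is outside the hunk, so where `$referer` is first read is not visible here.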
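Review bot: The new test in the tests/EnsureFrontendRequestsAreStatefulTest.php hunk pins only the blank-entry configuration (`['']`), so nothing asserts that a request without a Referer is rejected when real hosts are configured. A second case with a non-empty list keeps that guarantee independent of how blank entries are handled, and it would catch a later change that drops the explicit guard. The host below is a constructed sample value.

```php
public function test_requests_are_not_stateful_without_referer_when_hosts_are_configured()
{
    // 'example.com' is a sample value, not taken from the project's config.
    $this->app['config']->set('sanctum.stateful', ['example.com']);

    $request = Request::create('/');

    $this->assertFalse(EnsureFrontendRequestsAreStateful::fromFrontend($request));
}
```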
diff --git a/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php b/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php
index 912ac6a9..59a9f467 100644
--- a/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php
+++ b/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php
@@ -58,11 +58,9 @@ public static function fromFrontend($request)
 $referer = Str::replaceFirst('http://', '', $referer);
- if (is_null($referer)) {
- return false;
- }
+ $stateful = array_filter(config('sanctum.stateful', []));
- return Str::startsWith($referer, config('sanctum.stateful', [])) ||
- Str::is(config('sanctum.stateful', []), $referer);
+ return Str::startsWith($referer, $stateful) ||
+ Str::is($stateful, $referer);
 }
 }
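Review bot: `Str::startsWith($referer, $stateful)` on the new return line is a bare prefix comparison, so a Referer whose host merely begins with a configured entry is also classified as a frontend request; if that result decides whether session handling applies, as the middleware name suggests, the match should end at a host boundary. One option is a trailing delimiter on both sides, `Str::startsWith($referer.'/', array_map(function ($host) { return rtrim($host, '/').'/'; }, $stateful))`, which would also stop a port-less entry from matching a host with a port and so needs checking against existing configurations. Removing the `is_null($referer)` return additionally leaves rejection of a missing Referer to however the string helpers treat null; keeping that early return next to the `array_filter` line would make the fail-closed path explicit. The start of fromFrontend() is outside the hunk.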