devaslanphp / project-management

An open source Project management tool based on Laravel and Filament
https://devaslanphp.github.io/project-management
MIT License
783 stars 220 forks source link

SMTP-Signature Error #60

Open gaweng opened 1 year ago

gaweng commented 1 year ago

If using this project behind an reverse proxy with HTTPS, there is an problem with the verification links (403 invalid signature).

The issue is caused, that the TrustProxies-Middleware do not have an value for proxies. I'm not sure about laravel, maybe it can done with env-Variables.

For me I fixed it with an ConfigMap in Kubernetes, but a solution with an env-Variable would be the more elegant way.

heloufir commented 1 year ago

Can you please describe more the solution done with k8s, I will check if an env config is possible and let you know

gaschenk commented 1 year ago

If this issue is the same as the one I'm receiving, which is linked to email verification. e.g.: "403 - Invalid Signature". I'm by no means an expert at Laravel nor PHP but the following information is what I have gathered so far. Then the issue seems to be invalid configured proxies inside the laravel application, as in them not being trusted.

Corresponding documentation: https://laravel.com/docs/9.x/requests#configuring-trusted-proxies

Setup being something lie: Dockerized project-management application NGINX reverse proxy in front of the application.

A solution would be to either introduce a new environment variable for this, as Laravel doesn't provide one, or possibly allowing any url to be a proxy (maybe also just the app_url domain).

File in question being: app/Http/Middleware/TrustProxies.php#L8

But apparently there could also be another reason why something like this to be happening as described as the selected solution in this SO-thread: https://stackoverflow.com/questions/72241902/laravel-9-email-verification-invalid-signature I can neither deny nor confirm whether this exact issue is the case, in my specific case.