From f0218232876247e9101abb3ca4591bd0ae4b7a7a Mon Sep 17 00:00:00 2001 From: Dan Brown Date: Wed, 11 May 2022 16:46:59 +0100 Subject: [PATCH] Updated default value for secure session detection Updated default value for APP_URL so that the startsWith call is not passed null, since that causes deprecation notice in PHP8.1. Would show when APP_URL was not set, adding extra confusiion. --- app/Config/session.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Config/session.php b/app/Config/session.php index 4bbb78901..a00d75807 100644 --- a/app/Config/session.php +++ b/app/Config/session.php @@ -72,7 +72,7 @@ return [ // to the server if the browser has a HTTPS connection. This will keep // the cookie from being sent to you if it can not be done securely. 'secure' => env('SESSION_SECURE_COOKIE', null) - ?? Str::startsWith(env('APP_URL'), 'https:'), + ?? Str::startsWith(env('APP_URL', ''), 'https:'), // HTTP Access Only // Setting this value to true will prevent JavaScript from accessing the