[PR #1797] [MERGED] feat: implement and use new confg key for trusted hosts #1875

New issue

Closed

opened 2026-02-26 03:32:38 +03:00 by kerem · 0 comments

kerem commented 2026-02-26 03:32:38 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/koel/koel/pull/1797
Author: @MichaIng
Created: 7/16/2024
Status: ✅ Merged
Merged: 7/16/2024
Merged by: @phanan

Base: master ← Head: trusted-hosts

---

📝 Commits (1)

• a9673d9 feat: implement and use new confg key for trusted hosts

📊 Changes

3 files changed (+19 additions, -3 deletions)

View changed files

📝 .env.example (+5 -0)
📝 app/Http/Middleware/TrustHosts.php (+1 -3)
📝 config/app.php (+13 -0)

📄 Description

After commit github.com/koel/koel@e969549, Koel accepts only the hostname from APP_URL (and all its sub domains) as trusted hosts, as long as HTTPS is not enforced. This breaks access with .env.example, until APP_URL is set, and then allows to define a single trusted host only, which can be a problem instances which one wants to access from localhost, from within LAN via local hostname or IP, and remotely with a public hostname at the same time, or for testing instances.

This commit introduces a new config key TRUSTED_HOSTS. It is empty by default, which permits access via all hostnames, restoring the pre-v7.0.0 behaviour. When definitng it as comma-separated list of hostnames (and/or IPs), access is restricted to those.

Fixes: #1796

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/koel/koel/pull/1797 **Author:** [@MichaIng](https://github.com/MichaIng) **Created:** 7/16/2024 **Status:** ✅ Merged **Merged:** 7/16/2024 **Merged by:** [@phanan](https://github.com/phanan) **Base:** `master` ← **Head:** `trusted-hosts` --- ### 📝 Commits (1) - [`a9673d9`](https://github.com/koel/koel/commit/a9673d963ca0649becd6e5803f969e8df4e21374) feat: implement and use new confg key for trusted hosts ### 📊 Changes **3 files changed** (+19 additions, -3 deletions) <details> <summary>View changed files</summary> 📝 `.env.example` (+5 -0) 📝 `app/Http/Middleware/TrustHosts.php` (+1 -3) 📝 `config/app.php` (+13 -0) </details> ### 📄 Description After commit https://github.com/koel/koel/commit/e969549, Koel accepts only the hostname from `APP_URL` (and all its sub domains) as trusted hosts, as long as HTTPS is not enforced. This breaks access with `.env.example`, until `APP_URL` is set, and then allows to define a single trusted host only, which can be a problem instances which one wants to access from localhost, from within LAN via local hostname or IP, and remotely with a public hostname at the same time, or for testing instances. This commit introduces a new config key `TRUSTED_HOSTS`. It is empty by default, which permits access via all hostnames, restoring the pre-v7.0.0 behaviour. When definitng it as comma-separated list of hostnames (and/or IPs), access is restricted to those. Fixes: #1796 --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-02-26 03:32:38 +03:00

• closed this issue
• added the
  pull-request
  label

kerem referenced this issue 2026-02-26 03:32:48 +03:00

[PR #1875] [CLOSED] feat: update album thumbnail on queue page #1933

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

dependabot/composer/phpunit/phpunit-12.5.22

dependabot/npm_and_yarn/dompurify-3.4.0

dependabot/npm_and_yarn/vite-plus-0.1.17

dependabot/composer/phpseclib/phpseclib-3.0.51

release

1889-duplicate-upload-detection

test/home-screen-empty-to-content

fix/exclude-songless-albums-from-recently-added

refactor/laravel-prompts

fix/wma-cover-art-exception

fix/remove-redundant-seed-step

chore/upgrade-laravel-13

chore/upgrade-vue-3.5.29

test/phase-7-components

dbg-2142

demo-fix

debug-mysql

trusthosts

seek

fix-equalizer

sentry

invite-user

remove-v6-obsolete

fix/song-list

feat/paths-filter

fix/home

fix/footer

feat/progressive

php81

dev/public-playlists

cy

feat/l7

dependabot/composer/pusher/pusher-php-server-4.1.4

dependabot/composer/laravel/framework-5.8.38

dependabot/composer/jackiedo/dotenv-editor-1.1.1

renovate/pin-dependencies

actions

api-doc

feat/recently-played

fix-tests

fix-cover-page

upload

stylejs-196

compilation

vuex

android-notif

nojquery

demo

vue2

2.0

1.1

v9.1.1

latest

v9.1.0

v9.0.0

v8.3.1

v8.3.0

v8.2.0

v8.1.0

v8.0.0

v7.15.1

v7.15.0

v7.14.0

v7.13.0

v7.12.0

v7.11.0

v7.10.4

v7.10.3

v7.10.2

v7.10.1

v7.10.0

v7.9.0

v7.8.1

v7.8.0

v7.7.1

v7.7.0

v7.6.3

v7.6.2

v7.6.1

v7.6.0

v7.5.2

v7.5.1

v7.5.0

v7.4.2

v7.4.1

v7.4.0

v7.3.1

v7.3.0

v7.2.2

v7.2.1

v7.2.0

v7.1.0

v7.0.12

v7.0.11

v7.0.10

v7.0.9

v7.0.8

v7.0.7

v7.0.6

v7.0.5

v7.0.4

v7.0.3

v7.0.2

v7.0.1

v7.0.0

v6.12.1

v6.12.0

v6.11.5

v6.11.4

v6.11.3

v6.11.2

v6.11.1

v6.11.0

v6.10.0

v6.9.0

v6.8.5

v6.8.4

v6.8.3

v6.8.2

v6.8.1

v6.8.0

v6.7.5

v6.7.4

v6.7.3

v6.7.2

v6.7.1

v6.7.0

v6.6.0

v6.5.3

v6.5.2

v6.5.1

v6.5.0

v6.4.3

v6.4.2

v6.4.1

v6.4.0

v6.3.0

v6.2.2

v6.2.1

v6.2.0

v6.1.0

v6.0.6

v6.0.5

v6.0.4

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v0.0.0-beta

v5.1.14

v5.1.13

v5.1.12

v5.1.11

v5.1.10

v5.1.9

v5.1.8

v5.1.7

v5.1.6

v5.1.5

v5.1.4

v5.1.3

v5.1.2

v5.1.1

v5.1.0

v5.0.2

v5.0.1

v5.0.0

v4.4.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.1

v4.1.0

v4.0.0

v3.7.2

v3.7.1

v3.7.0

v3.6.2

v3.6.1

v3.6.0

v3.5.5

v3.5.4

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.1

v3.4.0

v3.3.1

v3.3.0

v3.2.0

v3.1.1

v3.1.0

v3.0.1

v3.0.0

v2.2.1

v2.2.0

v2.1.0

v2.0.2

v2.0.1

v2.0.0

v1.1.2

v1.1.1

1.0.0-beta

Labels

Clear labels   

Authentication

  

Dependencies

  

Documentation

  

Feature Request

  

Flac

  

Help Wanted

  

Installation/Setup

  

Integration

  

Mobile

  

PR Welcome

  

Pending Release

  

Performance

  

Playlist

  

S3

  

Search

  

Sync

  

[Pri] Low

  

[Pri] Normal

  

[Status] Keep Open

  

[Status] Needs Author Reply

  

[Status] Needs Review

  

[Status] Stale

  

[Status] Will Implement

  

[Type] Blessed

  

[Type] Bug

  

[Type] Duplicate

  

[Type] Enhancement

  

[Type] Help Request

  

[Type] Question

  

[Type] Task

  

pull-request

Mirrored from GitHub Pull Request

No labels

Authentication

Dependencies

Documentation

Feature Request

Flac

Help Wanted

Installation/Setup

Integration

Mobile

PR Welcome

Pending Release

Performance

Playlist

S3

Search

Sync

[Pri] Low

[Pri] Normal

[Status] Keep Open

[Status] Needs Author Reply

[Status] Needs Review

[Status] Stale

[Status] Will Implement

[Type] Blessed

[Type] Bug

[Type] Duplicate

[Type] Enhancement

[Type] Help Request

[Type] Question

[Type] Task

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/koel-koel#1875

No description provided.