From e2343d90828141c2164c9abbfca83461a49a298a Mon Sep 17 00:00:00 2001
From: Philipp Reinking
Date: Thu, 18 Apr 2024 17:12:53 +0200
Subject: [PATCH] improve sanctum stateful url setup and add default origin policy header
---
 config/sanctum.php | 4 ++--
 nginx.default.conf | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/config/sanctum.php b/config/sanctum.php
index 5e5d4f70..fd8c2b05 100644
--- a/config/sanctum.php
+++ b/config/sanctum.php
@@ -15,8 +15,8 @@
 'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(
 '%s%s',
- '::1,localhost:8500,localhost:8080,127.0.0.1:8500,127.0.0.1:8080',
- env('APP_URL') ? ','.parse_url(env('APP_URL'), PHP_URL_HOST) : ''
+ '::1,127.0.0.1:8500,localhost:8500,localhost:8080,127.0.0.1:8080',
+ env('APP_URL') ? ',' . (parse_url(env('APP_URL'), PHP_URL_PORT) ? parse_url(env('APP_URL'), PHP_URL_HOST) . ':' . parse_url(env('APP_URL'), PHP_URL_PORT) : parse_url(env('APP_URL'), PHP_URL_HOST)) : ''
 ))),
 /*
diff --git a/nginx.default.conf b/nginx.default.conf
index 8fed4d57..a21c4895 100644
--- a/nginx.default.conf
+++ b/nginx.default.conf
@@ -13,6 +13,8 @@ server {
 client_max_body_size 8M;
+ add_header Referrer-Policy 'origin';
+
 location / {
 # First attempt to serve request as file, then
 # as directory, then fall back to index.php
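Review bot: The new APP_URL branch in the `'stateful'` entry calls `parse_url(env('APP_URL'), …)` four times inside a nested ternary on a single line, which is hard to audit for a list that decides which origins are treated as first-party for cookie-based session authentication. The same host-with-optional-port value can be built in one pass, for example `env('APP_URL') ? ',' . implode(':', array_filter([parse_url(env('APP_URL'), PHP_URL_HOST), parse_url(env('APP_URL'), PHP_URL_PORT)])) : ''`. A short comment above the entry, such as `// Loopback defaults are for local development; set SANCTUM_STATEFUL_DOMAINS explicitly in production.`, would also help, because the hard-coded localhost and 127.0.0.1 entries stay in effect whenever that variable is unset. The configuration array starts and continues outside this hunk.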
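Review bot: The added `add_header Referrer-Policy 'origin';` has no `always` flag, so nginx attaches it only to a fixed set of success and redirect status codes and error responses go out without the policy; `add_header Referrer-Policy 'origin' always;` covers them. nginx also stops inheriting server-level `add_header` lines in any `location` that declares an `add_header` of its own, so locations outside this hunk that set headers would need the line repeated. If the origin does not need to be sent on HTTPS-to-HTTP navigations, `strict-origin` gives the same origin-only referrer while withholding it on a downgrade.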