From b0a4102637ec53930ea74b88803c58e9ac96caaf Mon Sep 17 00:00:00 2001
From: myrmidex <myrmidex@myrmidex.net>
Date: Sun, 26 Apr 2026 11:56:39 +0200
Subject: [PATCH] 5 - Trust forwarded headers behind reverse proxy for real
 client IP

---
 bootstrap/app.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/bootstrap/app.php b/bootstrap/app.php
index 0be149f..27faf69 100644
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@@ -3,6 +3,7 @@
 use Illuminate\Foundation\Application;
 use Illuminate\Foundation\Configuration\Exceptions;
 use Illuminate\Foundation\Configuration\Middleware;
+use Illuminate\Http\Request;
 
 return Application::configure(basePath: dirname(__DIR__))
     ->withRouting(
@@ -11,7 +12,11 @@
         health: '/up',
     )
     ->withMiddleware(function (Middleware $middleware): void {
-        //
+        $middleware->trustProxies(
+            at: '*',
+            headers: Request::HEADER_X_FORWARDED_FOR
+                | Request::HEADER_X_FORWARDED_PROTO,
+        );
     })
     ->withExceptions(function (Exceptions $exceptions): void {
         //