From 60d65e8bb2aa357a217eb8d409612026d26a8c4a Mon Sep 17 00:00:00 2001
From: sungro815 <sungro81@gmail.com>
Date: Wed, 7 Jan 2026 15:47:56 +0900
Subject: [PATCH] =?UTF-8?q?Trusted=20Proxies=20=EC=84=A4=EC=A0=95=20(HTTPS?=
 =?UTF-8?q?=20=EC=9D=B8=EC=8B=9D,=20secure=20cookie,=20URL=20=EC=83=9D?=
 =?UTF-8?q?=EC=84=B1=20=EC=98=A4=EB=A5=98=20=EB=B0=A9=EC=A7=80)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 bootstrap/app.php | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/bootstrap/app.php b/bootstrap/app.php
index c183276..f5ec713 100644
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@@ -11,7 +11,19 @@ return Application::configure(basePath: dirname(__DIR__))
         health: '/up',
     )
     ->withMiddleware(function (Middleware $middleware): void {
-        //
+        // NAS reverse proxy / 로드밸런서 뒤에서 HTTPS를 올바르게 인식하게 함
+        $middleware->trustProxies(at: [
+            '192.168.100.0/24',   // NAS/내부 대역 (필요시 조정)
+            '127.0.0.0/8',
+            '10.0.0.0/8',
+            '172.16.0.0/12',
+        ]);
+
+        // Host header 공격 방지: 우리 도메인만 허용
+        $middleware->trustHosts(at: [
+            'four.syye.net',
+            'shot.syye.net',
+        ]);
     })
     ->withExceptions(function (Exceptions $exceptions): void {
         //