From 777cab49fa315cf6f257da696178e1fe9a095b8d Mon Sep 17 00:00:00 2001
From: Roardom <roardom@protonmail.com>
Date: Tue, 27 May 2025 20:36:08 +0000
Subject: [PATCH] fix: don't hardcode websockets port in csp config

Allows using websocket on other ports specified in the VITE_ECHO_ADDRESS env variable.
---
 config/secure-headers.php | 4 ++--
 phpstan-baseline.neon     | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/config/secure-headers.php b/config/secure-headers.php
index 52e0e2fb9..def62fdc9 100644
--- a/config/secure-headers.php
+++ b/config/secure-headers.php
@@ -487,8 +487,8 @@ return [
             'self' => true,
 
             'allow' => [
-                'https://'.parse_url(env('APP_URL'), PHP_URL_HOST).':8443/socket.io/',
-                'wss://'.parse_url(env('APP_URL'), PHP_URL_HOST).':8443/socket.io/',
+                'https://'.parse_url(env('VITE_ECHO_ADDRESS'), PHP_URL_HOST).(parse_url(env('VITE_ECHO_ADDRESS'), PHP_URL_PORT) === null ? '' : ':'.parse_url(env('VITE_ECHO_ADDRESS'), PHP_URL_PORT)).'/socket.io/',
+                'wss://'.parse_url(env('VITE_ECHO_ADDRESS'), PHP_URL_HOST).(parse_url(env('VITE_ECHO_ADDRESS'), PHP_URL_PORT) === null ? '' : ':'.parse_url(env('VITE_ECHO_ADDRESS'), PHP_URL_PORT)).'/socket.io/',
                 'https://api.themoviedb.org/',
             ],
         ],
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
index 55d6dc1bc..a2d40d32d 100644
--- a/phpstan-baseline.neon
+++ b/phpstan-baseline.neon
@@ -867,7 +867,7 @@ parameters:
 		-
 			message: '#^Parameter \#1 \$url of function parse_url expects string, bool\|string\|null given\.$#'
 			identifier: argument.type
-			count: 2
+			count: 6
 			path: config/secure-headers.php
 
 		-