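#!/bin/bash
# Fix: Safari Sicherheitswarnungen
#
# Hardens a Laravel deployment for HTTPS-only operation: sets the HTTPS keys in
# .env, flips the session/CSRF cookie flags, adds HSTS/redirect rules to
# public/.htaccess, inserts URL::forceScheme('https') into AppServiceProvider,
# clears the Laravel caches and writes a small PHP check script.
#
# Run from the Laravel project root. Requires GNU sed (`sed -i` without a
# suffix argument). Every step is idempotent: re-running the script does not
# duplicate .env keys or .htaccess/PHP snippets.
set -euo pipefail

readonly APP_URL='https://neonail.vogt.de.com'

#######################################
# Set KEY=VALUE in a dotenv-style file exactly once.
# An existing `KEY=` line is replaced in place (further duplicates of the key
# are dropped); otherwise the line is appended. This replaces the original
# `echo "KEY=VALUE" >> .env`, which added one more copy on every run and left
# it to the dotenv loader which copy wins.
# Arguments: $1 - file, $2 - key, $3 - value
# Outputs:   rewrites $1 in place (same inode, permissions preserved)
#######################################
set_env_value() {
  local file=$1 key=$2 value=$3
  local tmp line found=0
  tmp=$(mktemp "${file}.XXXXXX")
  # `|| [[ -n "$line" ]]` keeps a final line that has no trailing newline.
  while IFS= read -r line || [[ -n "$line" ]]; do
    if [[ "$line" == "${key}="* ]]; then
      if (( ! found )); then
        printf '%s=%s\n' "$key" "$value" >> "$tmp"
        found=1
      fi
    else
      printf '%s\n' "$line" >> "$tmp"
    fi
  done < "$file"
  if (( ! found )); then
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
  fi
  # Copy back instead of mv so the target keeps its owner and mode.
  cat -- "$tmp" > "$file"
  rm -f -- "$tmp"
}

#######################################
# Insert TEXT (may span several lines) after the first line containing the
# literal string ANCHOR, unless the literal MARKER is already present.
# Unlike `sed '/anchor/a ...'`, only the first anchor match is used.
# Arguments: $1 - file, $2 - anchor, $3 - marker, $4 - text
# Returns:   0 when inserted or already present, 1 when ANCHOR is not found
#######################################
insert_after_anchor() {
  local file=$1 anchor=$2 marker=$3 text=$4
  if grep -qF -- "$marker" "$file"; then
    return 0
  fi
  if ! grep -qF -- "$anchor" "$file"; then
    return 1
  fi
  local tmp line inserted=0
  tmp=$(mktemp "${file}.XXXXXX")
  while IFS= read -r line || [[ -n "$line" ]]; do
    printf '%s\n' "$line" >> "$tmp"
    if (( ! inserted )) && [[ "$line" == *"$anchor"* ]]; then
      printf '%s\n' "$text" >> "$tmp"
      inserted=1
    fi
  done < "$file"
  cat -- "$tmp" > "$file"
  rm -f -- "$tmp"
}

#######################################
# Insert TEXT as the first statements of the PHP method whose signature line
# contains the literal SIGNATURE. The text goes after the line that opens the
# body: the signature line itself when it carries the `{`, otherwise the next
# line containing `{`. Inserting directly after a signature whose brace sits
# on the following line (PSR-12 layout) would put statements before the `{`
# and break the file, which is what the original `sed '/.../a'` did.
# Skipped when the literal MARKER is already present.
# Arguments: $1 - file, $2 - signature, $3 - marker, $4 - text
# Returns:   0 when inserted or already present, 1 when no body opening found
#######################################
insert_into_php_method() {
  local file=$1 signature=$2 marker=$3 text=$4
  if grep -qF -- "$marker" "$file"; then
    return 0
  fi
  if ! grep -qF -- "$signature" "$file"; then
    return 1
  fi
  # state: 0 = looking for the signature, 1 = signature seen, waiting for '{',
  #        2 = text written
  local tmp line state=0
  tmp=$(mktemp "${file}.XXXXXX")
  while IFS= read -r line || [[ -n "$line" ]]; do
    printf '%s\n' "$line" >> "$tmp"
    if (( state == 0 )) && [[ "$line" == *"$signature"* ]]; then
      state=1
    fi
    if (( state == 1 )) && [[ "$line" == *'{'* ]]; then
      printf '%s\n' "$text" >> "$tmp"
      state=2
    fi
  done < "$file"
  if (( state != 2 )); then
    rm -f -- "$tmp"
    return 1
  fi
  cat -- "$tmp" > "$file"
  rm -f -- "$tmp"
}

#######################################
# Rewrite a literal `'key' => false` entry to `'key' => true` in a PHP config
# file. Only that exact spelling is touched; a value read via env() is left
# alone (the matching SESSION_* key from step 1 covers that layout).
# Arguments: $1 - file, $2 - key
#######################################
enable_php_flag() {
  local file=$1 key=$2
  sed -i -e "s/'${key}' => false/'${key}' => true/" -- "$file"
}

# Step 1: canonical HTTPS URL plus cookie/transport flags in .env.
configure_env() {
  echo "1. 🔒 HTTPS-Einstellungen in .env..."
  if [[ ! -f .env ]]; then
    echo " ❌ .env Datei nicht gefunden"
    return 0
  fi
  set_env_value .env APP_URL "$APP_URL"
  # APP_DEBUG and APP_ENV are deliberately not rewritten any more. They are
  # unrelated to the HTTPS warnings, debug mode on a public host discloses
  # stack traces and configuration, and APP_ENV=local would stop the
  # `config('app.env') === 'production'` guard added in step 5 from ever
  # matching, so the forceScheme() call would never run.
  set_env_value .env FORCE_HTTPS true
  set_env_value .env SECURE_COOKIES true
  set_env_value .env SESSION_SECURE_COOKIE true
  set_env_value .env SESSION_SAME_SITE lax
  set_env_value .env SESSION_HTTP_ONLY true
  echo " ✅ .env HTTPS-Einstellungen aktualisiert"
}

# Step 2: Secure + HttpOnly session cookie.
configure_session() {
  echo "2. 🍪 Session-Konfiguration..."
  if [[ ! -f config/session.php ]]; then
    echo " ❌ config/session.php nicht gefunden"
    return 0
  fi
  enable_php_flag config/session.php secure
  enable_php_flag config/session.php http_only
  echo " ✅ Session-Konfiguration aktualisiert"
}

# Step 3: Secure CSRF cookie. The original also ran a sed that replaced
# `'same_site' => 'lax'` with itself; that no-op is dropped.
configure_csrf() {
  echo "3. 🔐 CSRF-Konfiguration..."
  if [[ ! -f config/csrf.php ]]; then
    echo " ❌ config/csrf.php nicht gefunden"
    return 0
  fi
  enable_php_flag config/csrf.php secure
  echo " ✅ CSRF-Konfiguration aktualisiert"
}

# Step 4: HSTS/CSP headers and an HTTP->HTTPS redirect in public/.htaccess.
configure_htaccess() {
  echo "4. 🌐 .htaccess HTTPS-Headers..."
  if [[ ! -f public/.htaccess ]]; then
    echo " ❌ public/.htaccess nicht gefunden"
    return 0
  fi
  local headers rewrite
  # `Header always set` replaces any Content-Security-Policy the app already
  # sends; merge the directive into an existing policy instead if there is
  # one. HSTS with includeSubDomains applies to every subdomain for a year —
  # confirm they all serve HTTPS before rolling this out.
  headers='Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header always set Content-Security-Policy "upgrade-insecure-requests"'
  rewrite='RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]'
  # The original reported success even when the anchor line was absent and
  # nothing had been inserted; report that case explicitly.
  if ! insert_after_anchor public/.htaccess '# Security Headers' 'Strict-Transport-Security' "$headers"; then
    echo " ⚠️ Anker '# Security Headers' nicht gefunden – HSTS/CSP-Header nicht eingefügt"
  fi
  if ! insert_after_anchor public/.htaccess 'RewriteEngine On' 'RewriteCond %{HTTPS} off' "$rewrite"; then
    echo " ⚠️ Anker 'RewriteEngine On' nicht gefunden – HTTPS-Redirect nicht eingefügt"
  fi
  echo " ✅ .htaccess HTTPS-Headers aktualisiert"
}

# Step 5: URL::forceScheme('https') in AppServiceProvider::boot(), production only.
configure_service_provider() {
  local file=app/Providers/AppServiceProvider.php
  echo "5. 🔧 AppServiceProvider HTTPS-Force..."
  if [[ ! -f "$file" ]]; then
    echo " ❌ AppServiceProvider nicht gefunden"
    return 0
  fi
  local snippet
  snippet="if (config('app.env') === 'production') {
URL::forceScheme('https');
}"
  if ! insert_into_php_method "$file" 'public function boot(): void' "URL::forceScheme('https')" "$snippet"; then
    echo " ⚠️ 'public function boot(): void' nicht gefunden – forceScheme nicht eingefügt"
  fi
  # The snippet relies on the URL facade being imported; the script does not
  # add the `use` line itself, so warn when it appears to be missing.
  if ! grep -qF -- 'Illuminate\Support\Facades\URL' "$file"; then
    echo " ⚠️ 'use Illuminate\Support\Facades\URL;' fehlt – bitte manuell ergänzen"
  fi
  echo " ✅ AppServiceProvider HTTPS-Force aktualisiert"
}

# Step 6: clear cached config/routes/views so the new settings take effect.
# A missing php binary or artisan is reported, not fatal.
clear_caches() {
  echo "6. 🧹 Laravel Cache leeren..."
  local target
  for target in cache config route view; do
    php artisan "${target}:clear" 2>/dev/null || echo " ⚠️ ${target}:clear übersprungen"
  done
}

# Step 7: write the PHP check script next to the project.
write_test_script() {
  echo "7. 🧪 Test-Script erstellen..."
  cat > test-https-security.php << 'EOF'
<?php
// Test der HTTPS-Sicherheit
echo "🔒 HTTPS-Sicherheit Test\n";
echo "======================\n\n";

// 1. Prüfe .env Einstellungen
// NOTE: getenv() reads the process environment, not .env; export the keys
// (or load .env through the application) before running this check.
echo "1. .env Einstellungen:\n";
$envVars = ['APP_URL', 'FORCE_HTTPS', 'SECURE_COOKIES', 'SESSION_SECURE_COOKIE'];
foreach ($envVars as $var) {
$value = getenv($var) ?: 'nicht gesetzt';
echo " - $var: $value\n";
}

// 2. Prüfe Session-Konfiguration
echo "\n2. Session-Konfiguration:\n";
if (file_exists('config/session.php')) {
$content = file_get_contents('config/session.php');
if (strpos($content, "'secure' => true") !== false) {
echo " ✅ Session secure: true\n";
} else {
echo " ❌ Session secure: false\n";
}
if (strpos($content, "'http_only' => true") !== false) {
echo " ✅ Session http_only: true\n";
} else {
echo " ❌ Session http_only: false\n";
}
}

// 3. Prüfe CSRF-Konfiguration
echo "\n3. CSRF-Konfiguration:\n";
if (file_exists('config/csrf.php')) {
$content = file_get_contents('config/csrf.php');
if (strpos($content, "'secure' => true") !== false) {
echo " ✅ CSRF secure: true\n";
} else {
echo " ❌ CSRF secure: false\n";
}
}

// 4. Prüfe .htaccess
echo "\n4. .htaccess HTTPS-Headers:\n";
if (file_exists('public/.htaccess')) {
$content = file_get_contents('public/.htaccess');
if (strpos($content, 'Strict-Transport-Security') !== false) {
echo " ✅ HSTS Header vorhanden\n";
} else {
echo " ❌ HSTS Header fehlt\n";
}
if (strpos($content, 'upgrade-insecure-requests') !== false) {
echo " ✅ CSP upgrade-insecure-requests vorhanden\n";
} else {
echo " ❌ CSP upgrade-insecure-requests fehlt\n";
}
}

echo "\n✅ HTTPS-Sicherheit Test abgeschlossen!\n";
echo "🔗 Testen Sie jetzt: https://neonail.vogt.de.com/admin/users\n";
?>
EOF
  echo " ✅ Test-Script erstellt"
}

# Closing instructions for the operator.
print_summary() {
  echo ""
  echo "✅ Safari Sicherheitswarnungen behoben!"
  echo ""
  echo "🔗 Testen Sie jetzt:"
  echo "1. Admin-Panel: https://neonail.vogt.de.com/admin/users"
  echo "2. Lack löschen im Admin-Panel"
  echo "3. User bearbeiten/löschen"
  echo ""
  echo "📝 Falls Warnungen bestehen:"
  echo "- Führen Sie php test-https-security.php aus"
  echo "- Prüfen Sie Browser-Entwicklertools (F12)"
  echo "- Leeren Sie Browser-Cache"
}

main() {
  echo "🛡️ Fix: Safari Sicherheitswarnungen"
  echo "=================================="
  configure_env
  configure_session
  configure_csrf
  configure_htaccess
  configure_service_provider
  clear_caches
  write_test_script
  print_summary
}

main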