Fix: SESSION_SECURE_COOKIE verhindert HTTP-Setup (419-Fehler)

Installer setzt SESSION_SECURE_COOKIE=false initial – damit Setup-Wizard über http://ip erreichbar ist. WizardDomains setzt es auf true nach erfolgreichem SSL. mount()-Redirect ohne exit (sauberer Return). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-24 14:29:13 +02:00 · 2026-04-24 14:29:13 +02:00 · 7d30faa7d7
parent 4f3066e225
commit 7d30faa7d7
3 changed files with 23 additions and 4 deletions
--- a/app/Console/Commands/WizardDomains.php
+++ b/app/Console/Commands/WizardDomains.php
@ -84,6 +84,26 @@ class WizardDomains extends Command

        file_put_contents(self::STATE_DIR . '/done', $helperOk ? '1' : '0');
        Setting::set('ssl_configured', $helperOk ? '1' : '0');
+
+        if ($helperOk && $ssl) {
+            $this->updateEnv(base_path('.env'), 'SESSION_SECURE_COOKIE', 'true');
+        }
+
        return self::SUCCESS;
    }
+
+    private function updateEnv(string $path, string $key, string $value): void
+    {
+        $content = @file_get_contents($path) ?: '';
+        $pattern = '/^' . preg_quote($key, '/') . '=[^\r\n]*/m';
+        $line    = $key . '=' . $value;
+
+        if (preg_match($pattern, $content)) {
+            $content = preg_replace($pattern, $line, $content);
+        } else {
+            $content .= "\n{$line}";
+        }
+
+        file_put_contents($path, $content);
+    }
 }
--- a/app/Livewire/Setup/Wizard.php
+++ b/app/Livewire/Setup/Wizard.php
@ -45,11 +45,10 @@ class Wizard extends Component

    private const STATE_DIR = '/var/lib/mailwolt/wizard';

-    public function mount(): void
+    public function mount()
    {
        if (request()->secure()) {
-            redirect()->to('http://' . request()->getHttpHost() . '/setup')->send();
-            exit;
+            return redirect()->to('http://' . request()->getHttpHost() . '/setup');
        }

        $this->instance_name = config('app.name', 'Mailwolt');
--- a/mailwolt-installer/scripts/80-app.sh
+++ b/mailwolt-installer/scripts/80-app.sh
@ -179,7 +179,7 @@ upsert_env CACHE_STORE                  "redis"
 upsert_env CACHE_DRIVER                 "redis"
 upsert_env CACHE_PREFIX                 "${APP_USER_PREFIX}_cache:"
 upsert_env SESSION_DRIVER               "redis"
-upsert_env SESSION_SECURE_COOKIE        "${SECURE}"   # DEV=false, PROD=true
+upsert_env SESSION_SECURE_COOKIE        "false"        # wird nach SSL-Setup auf true gesetzt
 upsert_env SESSION_SAMESITE             "lax"
 upsert_env REDIS_CLIENT                 "phpredis"
 upsert_env REDIS_HOST                   "127.0.0.1"