From ef0af6cb944d7d827be72f4449fd51c5ed46ffb8 Mon Sep 17 00:00:00 2001
From: Derek <derekmd@hotmail.com>
Date: Wed, 15 Sep 2021 18:09:07 -0400
Subject: [PATCH] Don't log HTTP requests to Telescope endpoints

v4.6.3 started logging database entries for /telescope/requests, etc.
due to the config('telescope.domain') checks introduced by
95631f9b8cabdfd64ed76abb0a5ddbb150855463

1. For the base configuration Telescope installs by default,
   `null !== $request->getHost()` so requestIsToApprovedDomain() is
   always returning true. requestIsToApprovedUri() is never checked and
   config('telescope.only_paths') is ignored. This new method should
   only consider a custom Telescope domain being configured. Return
   true if nothing is configured as the URI will be checked instead.
2. Exclude `config('telescope.path') === null` when another domain is
   being used since `! $request->is('*')` would stop any path from being
   logged. Last week's commit was intended to fix this problem.
3. config('telescope.only_paths') must also be checked even when
   requestIsToApprovedDomain() is true. handlingApprovedRequest() must
   be checking both domain _and_ URI.
---
 src/Telescope.php | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/src/Telescope.php b/src/Telescope.php
index fbeb5310a..7b3c721cb 100644
--- a/src/Telescope.php
+++ b/src/Telescope.php
@@ -200,8 +200,8 @@ protected static function handlingApprovedRequest($app)
             return false;
         }
 
-        return static::requestIsToApprovedDomain($app['request'])
-            || static::requestIsToApprovedUri($app['request']);
+        return static::requestIsToApprovedDomain($app['request']) &&
+            static::requestIsToApprovedUri($app['request']);
     }
 
     /**
@@ -212,9 +212,8 @@ protected static function handlingApprovedRequest($app)
      */
     protected static function requestIsToApprovedDomain($request): bool
     {
-        $currentHost = $request->getHost();
-
-        return config('telescope.domain', $currentHost) !== $currentHost;
+        return is_null(config('telescope.domain')) ||
+            config('telescope.domain') !== $request->getHost();
     }
 
     /**
@@ -230,13 +229,17 @@ protected static function requestIsToApprovedUri($request)
         }
 
         return ! $request->is(
-            array_merge([
-                config('telescope.path').'*',
+            collect([
                 'telescope-api*',
                 'vendor/telescope*',
                 'horizon*',
                 'vendor/horizon*',
-            ], config('telescope.ignore_paths', []))
+            ])
+            ->merge(config('telescope.ignore_paths', []))
+            ->unless(is_null(config('telescope.path')), function ($paths) {
+                return $paths->prepend(config('telescope.path').'*');
+            })
+            ->all()
         );
     }