During a security audit one of the few recommendations they made was to remove or limit access to web.config.
Since this is mainly used by Microsoft IIS server it isn't necessary for most Laravel projects and could be added if someone is using Microsoft server.
* Add option to set sendmail path. Fix default
Testing this in an application, it would seem that sendmail -bs is the wrong option for this case?
What Laravel appears to do is pipe an RFC-2822 formatted message on STDIN and requires the sendmail emulation to deal with it,
rather than -bs which initiates an SMTP session.
if Exim is the default MTA then -t would seem to be the correct option.
If you have an alternative installed instead of sendmail/exim, then there's no way to set the path, so I added MAIL_SENDMAIL_PATH
so you can do, e.g.:
MAIL_SENDMAIL_PATH="/usr/bin/msmtp -t --tls=off --from=${MAIL_FROM_ADDRESS} --auto-from=off"
msmtp doesn't support -bs at all
* Update mail.php
Co-authored-by: Taylor Otwell <taylor@laravel.com>
Per https://github.com/laravel/framework/pull/35588 , the term "schema" (a namespace) has been corrected to "search_path" (a list of namespaces), where appropriate, throughout the framework.
Accordingly, the `schema` configuration key should be changed to `search_path` to better reflect the fact that it may specify a _list_ of schemata (schemas), and not just a single schema. (In several Laravel versions prior to 9.0, the `schema` key could already specify more than one schema, but this fact was undocumented and non-obvious without examining the implementation carefully.)
As of Laravel 9.0, the `search_path` may specify any number of schemata, in any of the following formats:
'search_path' => 'public',
'search_path' => 'public,laravel',
'search_path' => ['public', '"laravel"', "'foobar'", '$bat'],
'search_path' => '\'public\', "laravel", "\'foobar\'", \'$bat\'',
'search_path' => '"$user", public',
Note that in the last example, the `$user` variable refers to PostgreSQL's special $user variable, as described in the Schema Documentation ( https://www.postgresql.org/docs/current/ddl-schemas.html ).
Note also that Laravel's default `search_path` value, 'public', is not necessarily the best choice for every use case. Developers should consult the "Usage Patterns" section of the aforementioned documentation before deciding how best to set the `search_path`, as it has security implications.
