Merge pull request #11592 from firefly-iii/release-1769398904

🤖 Automatically merge the PR into the develop branch.

THANKS.md

@@ -4,6 +4,7 @@ Over time, many people have contributed to Firefly III. Their efforts are not al
 Please find below all the people who contributed to the Firefly III code. Their names are mentioned in the year of their first contribution.
 
 ## 2026
+- mateuszkulapl
 - Gianluca Martino
 - embedded
 

app/Console/Commands/Correction/CorrectsUnevenAmount.php

@@ -369,7 +369,7 @@ class CorrectsUnevenAmount extends Command
                 continue;
             }
             if (!$this->isBetweenAssetAndLiability($journal)) {
-                Log::debug('Not between asset and liability, continue.');
+                // Log::debug('Not between asset and liability, continue.');
 
                 continue;
             }

app/Http/Middleware/TrustProxies.php

@@ -45,6 +45,6 @@ class TrustProxies extends Middleware
      */
     public function __construct()
     {
-        $this->proxies = (string) config('firefly.trusted_proxies');
+        $this->proxies = (string) config('trustedproxy.proxies');
     }
 }

app/Support/Models/AccountBalanceCalculator.php

@@ -93,7 +93,7 @@ class AccountBalanceCalculator
     public static function getLatestBalance(int $accountId, int $currencyId, ?Carbon $notBefore): string
     {
         if (!$notBefore instanceof Carbon) {
-            Log::debug(sprintf('Start balance for account #%d and currency #%d is 0.', $accountId, $currencyId));
+            // Log::debug(sprintf('Start balance for account #%d and currency #%d is 0.', $accountId, $currencyId));
 
             return '0';
         }

bootstrap/app.php

@@ -31,7 +31,9 @@ use FireflyIII\Http\Middleware\InterestingMessage;
 use FireflyIII\Http\Middleware\IsAdmin;
 use FireflyIII\Http\Middleware\Range;
 use FireflyIII\Http\Middleware\RedirectIfAuthenticated;
+use FireflyIII\Http\Middleware\SecureHeaders;
 use FireflyIII\Http\Middleware\StartFireflySession;
+use FireflyIII\Http\Middleware\TrustProxies;
 use FireflyIII\Http\Middleware\VerifyCsrfToken;
 use Illuminate\Contracts\Debug\ExceptionHandler;
 use Illuminate\Contracts\Http\Kernel;
@@ -39,6 +41,13 @@ use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
 use Illuminate\Foundation\Application;
 use Illuminate\Foundation\Configuration\Exceptions;
 use Illuminate\Foundation\Configuration\Middleware;
+use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
+use Illuminate\Foundation\Http\Middleware\InvokeDeferredCallbacks;
+use Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance;
+use Illuminate\Foundation\Http\Middleware\TrimStrings;
+use Illuminate\Http\Middleware\HandleCors;
+use Illuminate\Http\Middleware\ValidatePostSize;
+use Illuminate\Routing\Middleware\SubstituteBindings;
 use Illuminate\View\Middleware\ShareErrorsFromSession;
 use Laravel\Passport\Http\Middleware\CreateFreshApiToken;
 use Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful;
@@ -80,11 +89,6 @@ if (!function_exists('stringIsEqual')) {
     }
 }
 
-//$app = new Application(
-//    realpath(__DIR__ . '/../')
-//);
-
-
 $app = Application::configure(basePath: dirname(__DIR__))
                   ->withRouting(
                       web     : __DIR__ . '/../routes/web.php',
@@ -92,18 +96,40 @@ $app = Application::configure(basePath: dirname(__DIR__))
                       health  : '/up',
                   )
                   ->withMiddleware(function (Middleware $middleware): void {
+                      // overrule the standard middleware
+                      $middleware->use(
+                          [
+                              InvokeDeferredCallbacks::class,
+                              HandleCors::class,
+                              PreventRequestsDuringMaintenance::class,
+                              ValidatePostSize::class,
+                              TrimStrings::class,
+                              ConvertEmptyStringsToNull::class,
+                              SecureHeaders::class,
+                              TrustProxies::class,
+                          ]
+                      );
 
-                      // always append secure header thing.
-                      $middleware->append(\FireflyIII\Http\Middleware\SecureHeaders::class);
-
-                      // add stuff to the web group
-                      $middleware->appendToGroup('web', [
-                          StartFireflySession::class,
-                          VerifyCsrfToken::class,
-                          CreateFreshApiToken::class,
-                      ]);
+                      // overrule the web group
+                      $middleware->group('web',
+                                         [
+                                             EncryptCookies::class,
+                                             AddQueuedCookiesToResponse::class,
+                                             StartFireflySession::class,
+                                             ShareErrorsFromSession::class,
+                                             VerifyCsrfToken::class,
+                                             SubstituteBindings::class,
+                                             CreateFreshApiToken::class,
+                                         ]
+                      );
                       // new group?
-                      $middleware->appendToGroup('binders-only', [Installer::class, EncryptCookies::class, AddQueuedCookiesToResponse::class, Binder::class]);
+                      $middleware->appendToGroup('binders-only',
+                                                 [
+                                                     Installer::class,
+                                                     EncryptCookies::class,
+                                                     AddQueuedCookiesToResponse::class,
+                                                     Binder::class,
+                                                 ]);
 
                       //
                       $middleware->appendToGroup('user-not-logged-in', [

config/auth.php

@@ -64,6 +64,7 @@ return [
         'web'               => [
             'driver'   => 'session',
             'provider' => 'users',
+            'remember' => true,
         ],
         'remote_user_guard' => [
             'driver'   => 'remote_user_guard',

config/firefly.php

@@ -78,8 +78,8 @@ return [
         'running_balance_column' => (bool)envNonEmpty('USE_RUNNING_BALANCE', true), // this is only the default value, is not used.
         // see cer.php for exchange rates feature flag.
     ],
-    'version'                              => 'develop/2026-01-25',
-    'build_time'                           => 1769334802,
+    'version'                              => 'develop/2026-01-26',
+    'build_time'                           => 1769398777,
     'api_version'                          => '2.1.0', // field is no longer used.
     'db_version'                           => 28, // field is no longer used.
 

config/trustedproxy.php

@@ -0,0 +1,26 @@
+<?php
+
+declare(strict_types=1);
+/*
+ * trustedproxies.php
+ * Copyright (c) 2026 james@firefly-iii.org
+ *
+ * This file is part of Firefly III (https://github.com/firefly-iii).
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+return [
+    'proxies' => env('TRUSTED_PROXIES', ''),
+];

package-lock.json

@@ -4019,9 +4019,9 @@
             }
         },
         "node_modules/axios": {
-            "version": "1.13.2",
-            "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.2.tgz",
-            "integrity": "sha512-VPk9ebNqPcy5lRGuSlKx752IlDatOjT9paPlm8A7yOuW2Fbvp4X3JznJtT4f0GzGLLiWE9W8onz51SqLYwzGaA==",
+            "version": "1.13.3",
+            "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.3.tgz",
+            "integrity": "sha512-ERT8kdX7DZjtUm7IitEyV7InTHAF42iJuMArIiDIV5YtPanJkgw4hw5Dyg9fh0mihdWNn1GKaeIWErfe56UQ1g==",
             "dev": true,
             "license": "MIT",
             "dependencies": {

resources/views/layout/default.twig

@@ -11,8 +11,6 @@
     <meta name="csrf-token" content="{{ csrf_token() }}">
     <meta name="robots" content="noindex, nofollow, noarchive, noodp, NoImageIndex, noydir">
     <meta name="apple-mobile-web-app-capable" content="yes">
-    <meta name="color-scheme" content="light dark">
-
     <title>
         {% if pageTitle %}
             {{ pageTitle }} »
@@ -39,6 +37,7 @@
     <link href="v1/lib/adminlte/css/AdminLTE.min.css?v={{ FF_BUILD_TIME }}" rel="stylesheet" type="text/css"
           nonce="{{ JS_NONCE }}">
     {% if 'browser' == darkMode %}
+        <meta name="color-scheme" content="light dark">
         <script nonce="{{ JS_NONCE }}">
             // If `prefers-color-scheme` is not supported, fall back to light mode.
             // In this case, light.css will be downloaded with `highest` priority.
@@ -58,12 +57,14 @@
               nonce="{{ JS_NONCE }}" media="(prefers-color-scheme: light)">
     {% endif %}
     {% if 'dark' == darkMode %}
+        <meta name="color-scheme" content="dark">
         <link href="v1/css/daterangepicker-dark.css?v={{ FF_BUILD_TIME }}" rel="stylesheet" type="text/css"
               nonce="{{ JS_NONCE }}">
         <link href="v1/lib/adminlte/css/skins/skin-dark.min.css?v={{ FF_BUILD_TIME }}" rel="stylesheet" type="text/css"
               nonce="{{ JS_NONCE }}">
     {% endif %}
     {% if 'light' == darkMode %}
+        <meta name="color-scheme" content="light">
         <link href="v1/css/daterangepicker-light.css?v={{ FF_BUILD_TIME }}" rel="stylesheet" type="text/css"
               nonce="{{ JS_NONCE }}">
         <link href="v1/lib/adminlte/css/skins/skin-light.min.css?v={{ FF_BUILD_TIME }}" rel="stylesheet" type="text/css"

resources/views/layout/empty.twig

@@ -9,7 +9,6 @@
     <meta name="csrf-token" content="{{ csrf_token() }}">
     <meta content='width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no' name='viewport'>
     <meta name="apple-mobile-web-app-capable" content="yes">
-    <meta name="color-scheme" content="light dark">
 
     {# CSS things #}
 
@@ -20,6 +19,7 @@
     {# the theme #}
     <link href="v1/lib/adminlte/css/AdminLTE.min.css?v={{ FF_BUILD_TIME }}" rel="stylesheet" type="text/css" nonce="{{ JS_NONCE }}">
     {% if 'browser' == darkMode %}
+        <meta name="color-scheme" content="light dark">
         <script nonce="{{ JS_NONCE }}">
             // If `prefers-color-scheme` is not supported, fall back to light mode.
             // In this case, light.css will be downloaded with `highest` priority.
@@ -35,9 +35,11 @@
         <link href="v1/lib/adminlte/css/skins/skin-light.min.css?v={{ FF_BUILD_TIME }}" rel="stylesheet" type="text/css" nonce="{{ JS_NONCE }}" media="(prefers-color-scheme: light)">
     {% endif %}
     {% if 'dark' == darkMode %}
+        <meta name="color-scheme" content="dark">
         <link href="v1/lib/adminlte/css/skins/skin-dark.min.css?v={{ FF_BUILD_TIME }}" rel="stylesheet" type="text/css" nonce="{{ JS_NONCE }}">
     {% endif %}
     {% if 'light' == darkMode %}
+        <meta name="color-scheme" content="light">
         <link href="v1/lib/adminlte/css/skins/skin-light.min.css?v={{ FF_BUILD_TIME }}" rel="stylesheet" type="text/css" nonce="{{ JS_NONCE }}">
     {% endif %}
 

resources/views/layout/guest.twig

@@ -5,8 +5,6 @@
     <meta charset="UTF-8">
     <meta name="robots" content="noindex, nofollow, noarchive, noodp, NoImageIndex, noydir">
     <meta name="apple-mobile-web-app-capable" content="yes">
-    <meta name="color-scheme" content="light dark">
-
     <title>Firefly III
 
         {% if title != "Firefly" and title != "" %}
@@ -30,6 +28,7 @@
     {# the theme #}
     <link href="v1/lib/adminlte/css/AdminLTE.min.css?v={{ FF_BUILD_TIME }}" rel="stylesheet" type="text/css" nonce="{{ JS_NONCE }}">
     {% if 'browser' == darkMode %}
+        <meta name="color-scheme" content="light dark">
         <script nonce="{{ JS_NONCE }}">
             // If `prefers-color-scheme` is not supported, fall back to light mode.
             // In this case, light.css will be downloaded with `highest` priority.
@@ -45,9 +44,11 @@
         <link href="v1/lib/adminlte/css/skins/skin-light.min.css?v={{ FF_BUILD_TIME }}" rel="stylesheet" type="text/css" nonce="{{ JS_NONCE }}" media="(prefers-color-scheme: light)">
     {% endif %}
     {% if 'dark' == darkMode %}
+        <meta name="color-scheme" content="dark">
         <link href="v1/lib/adminlte/css/skins/skin-dark.min.css?v={{ FF_BUILD_TIME }}" rel="stylesheet" type="text/css" nonce="{{ JS_NONCE }}">
     {% endif %}
     {% if 'light' == darkMode %}
+        <meta name="color-scheme" content="light">
         <link href="v1/lib/adminlte/css/skins/skin-light.min.css?v={{ FF_BUILD_TIME }}" rel="stylesheet" type="text/css" nonce="{{ JS_NONCE }}">
     {% endif %}