Open pculka opened 3 years ago
And the console in Chrome says:
Mixed Content: The page at 'https://admin.DOMAIN.TLD/#/isco' was loaded over HTTPS, but requested an insecure resource 'http://DOMAIN.TLD/api/docs.jsonld'. This request has been blocked; the content must be served over HTTPS.
You most likely haven't properly configured Symfony's trusted headers and proxies: https://symfony.com/doc/current/deployment/proxies.html
Ugh. Not sure, as I believe I've set them correctly, but I'll try and re-check.
Double-check that your reverse proxy properly sets the X-Forwarded-Proto header.
Oh yes, it was a problem between Cloudflare and our WAF. Still, though, the Symfony generator was able to generate correct URLs. Maybe it would be a good idea to double-check the logic behind it?
API Platform version(s) affected: 2.6.2
Description
When using react-admin with the hydra provider, loading of the admin fails when trying to fetch an http:// version of api/docs.jsonld while being on an https:// host. This results in the request being blocked by the browser for trying to access insecure resources.
Also, when opening api/docs.jsonld in the browser, the @vocab: tag is set to http:// even when being called from https:// - this may indicate a problem with the router incorrectly elaborating the proto to use.
FYI: Route generation within Symfony controllers works properly in this setup.
How to reproduce
1. Deploy an api-platform enabled API with jsonld/hydra support within a dockerized php-fpm environment, with nginx serving the fpm stream without SSL and listening on port 80.
2. Configure a reverse proxy to terminate the https:// connection, forwarding all decrypted data within the security perimeter to the listening container.
3. For extra features, add Cloudflare before your reverse proxy (i.e. 2x reverse proxy for more proxy love).
Possible Solution
Maybe respect the router.request_context.scheme param when generating jsonld doc?
Additional Context
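As an added illustration (not code from API Platform, Symfony or anyone in this thread): a simplified Python model of how the request scheme reaches the app through the two-proxy chain from "How to reproduce", and why the generated docs URL falls back to http:// when X-Forwarded-Proto is lost on the way or the forwarding peer is not trusted. The peer addresses, the `10.0.0.0/8` trusted range and the plain-HTTP hop between the edge and inner proxy are constructed assumptions; the thread does not say what exactly was misconfigured.

```python
import ipaddress


def effective_scheme(remote_addr, headers, trusted_proxies, direct_scheme="http"):
    """Scheme the app should use when generating absolute URLs.

    X-Forwarded-Proto is honoured only when the direct peer is a trusted
    proxy; from any other peer the header is client-controlled and ignored.
    """
    peer = ipaddress.ip_address(remote_addr)
    trusted = any(peer in ipaddress.ip_network(net) for net in trusted_proxies)
    proto = headers.get("X-Forwarded-Proto", "").split(",")[0].strip().lower()
    if trusted and proto in ("http", "https"):
        return proto
    # Fall back to the scheme of the last hop (nginx on port 80 without SSL).
    return direct_scheme


def forward(headers, incoming_scheme, preserve_upstream):
    """Headers one proxy passes to the next hop.

    preserve_upstream=True keeps an X-Forwarded-Proto set by the proxy in
    front of it; False overwrites it with this proxy's own inbound scheme.
    """
    out = dict(headers)
    if not (preserve_upstream and "X-Forwarded-Proto" in out):
        out["X-Forwarded-Proto"] = incoming_scheme
    return out


def docs_url(inner_preserves, trusted_proxies, host="DOMAIN.TLD"):
    """URL the app would emit for the Hydra docs in the constructed chain."""
    # Browser -> edge proxy over HTTPS; the edge always overwrites the header.
    headers = forward({}, "https", preserve_upstream=False)
    # Edge -> inner proxy over plain HTTP (constructed assumption).
    headers = forward(headers, "http", preserve_upstream=inner_preserves)
    # Inner proxy -> app; 10.0.0.5 is a constructed inner-proxy address.
    scheme = effective_scheme("10.0.0.5", headers, trusted_proxies)
    return f"{scheme}://{host}/api/docs.jsonld"


if __name__ == "__main__":
    print(docs_url(False, ["10.0.0.0/8"]))  # inner proxy overwrites the header
    print(docs_url(True, ["10.0.0.0/8"]))   # header preserved, peer trusted
    print(docs_url(True, []))               # header preserved, peer not trusted
```

Trusting the header from every peer would also make the last case return https://, but it would let any client that can reach the app directly choose the scheme, which is why the trust check is tied to the proxy's address.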