Closed cballenar closed 6 months ago
While researching, I found the following answer in a different scenario:
The CORS contract requires that authentication not be required on the pre-flight OPTIONS request. It looks like your back-end is requiring authentication on the OPTIONS request and the GET.
Which sounds like something possibly related specially if anything in the code changed. Could this be it?
I ran into a similar problem last week. This solved it: https://github.com/craftcms/cms/issues/14440#issuecomment-1985717994. It occurs after 4.8.1 because of this commit using the @web
alias https://github.com/craftcms/cms/commit/965c1a6ec9288d1f319732edc0fd26c78feb088d.
Yeah, as of 4.8.1, we are building action URLs using the @web
alias, which means the alias needs to be set correctly. If you’re overriding it, make sure it’s set to the exact same base path that Craft is being accessed from (up to but not including index.php
).
Thanks both for the feedback! Could you confirm if this is what you mean by setting it dynamically?
'@web' => $_SERVER['HTTP_HOST'] === 'craft.domain.com' ? App::env('BASE_CP_URL') : getenv('PRIMARY_SITE_URL'),
This is working locally without any issues (so far), I'm just not sure I took the most efficient approach.
I also attempted to solve via the other recommendation. So I tried NOT setting the @web
alias and using the default cpTrigger
. I thought this would resolve the domain issues but it didn't. Is there anything else I should be checking for?
@cballenar That’s probably correct, but I couldn’t say for sure without knowing all of the base URLs Craft needs to be accessed by, and what those environment variables are set to. Again, it just needs to be set to whatever URL you’re accessing Craft with, up to but not including index.php
. So if your index.php
file lives at https://craft.domain.com/index.php
, it should be https://craft.domain.com/
, etc.
So I tried NOT setting the
@web
alias and using the defaultcpTrigger
. I thought this would resolve the domain issues but it didn't. Is there anything else I should be checking for?
If not setting @web
is still not working, then there’s probably a server misconfiguration issue. Go to Utilities → PHP Info, and verify the following values look correct:
$_SERVER['HTTP_HOST']
(should be the hostname you’re accessing Craft from)$_SERVER['SCRIPT_NAME']
(should be the root-relative path to index.php
from your webroot)Thanks a ton for the patience @brandonkelly !
The problem with the alias failing turned out to be a dirty .env file that was setting the CRAFT_WEB_URL
too.
All systems back to normal AND the configuration has been simplified!
Sweet! Glad you’re back up and running.
Thanks both for the feedback! Could you confirm if this is what you mean by setting it dynamically?
'@web' => $_SERVER['HTTP_HOST'] === 'craft.domain.com' ? App::env('BASE_CP_URL') : getenv('PRIMARY_SITE_URL'),
This is working locally without any issues (so far), I'm just not sure I took the most efficient approach.
I also attempted to solve via the other recommendation. So I tried NOT setting the
@web
alias and using the defaultcpTrigger
. I thought this would resolve the domain issues but it didn't. Is there anything else I should be checking for?
@brandonkelly Following the above setup, we now have "broken" preview links in the CMS. We serve the CP from a custom domain "website-admin.be" instead of "website.be" and now the live preview URLs and globe URLs in the CMS have turned into "website-admin.be/web-page" instead of the normal "website.be/web-page" (which in turn give us different CORS errors.
We have the following setup from this article: https://craftcms.com/knowledge-base/access-control-panel-from-alternate-domain
Is this still the correct setup going forward or what do we need to change?
@ishetnogferre What is your section’s preview target URL(s) set to?
@brandonkelly they're all set to {url}
What’s the site URL?
We're setup like this:
'aliases' => [
'@web' => App::env('PRIMARY_SITE_URL'),
]
with the site URL of the primary website being: "@web" and multisites like "@web/fr" or "@web/nl". Now that I'm typing that, is it correct we remove that alias and set the site URLs via that env var?
@web
should be set to the current requested hostname (and possibly a subpath, if index.php
lives in a subdirectory of the webroot).
If your control panel has a different base URL than PRIMARY_SITE_URL
, you should absolutely not be setting @web
to that.
Instead, just stop setting @web
altogether, and set your site’s base URL to $PRIMARY_SITE_URL
instead.
@brandonkelly for me, unsetting @web
or 'CRAFT_WEB_URL' did not work, I had to explicitly set 'CRAFT_WEB_URL' to '/var/www/html'
Actually, when unsettling the @web
variable, my site does not resolve the subdomains anymore. So, for instance the baking subsite url (https://baking.webervacuum.group) is showing the default site (https://webervacuum.group). When setting this CRAFT_WEB_URL to the specific path, the subdomain website resolves correctly.
Can that do any harm?
@brandonkelly for me, unsetting
@web
or 'CRAFT_WEB_URL' did not work, I had to explicitly set 'CRAFT_WEB_URL' to '/var/www/html'
If you’re going to set @web
/CRAFT_WEB_URL
, it needs to be set to a base URL, not a path. I have no idea how setting it to /var/www/html
would work; it would theoretically cause all your URLs to be prefixed with /var/www/html
. Are you sure you’re not looking at @webroot
/CRAFT_WEB_ROOT
(which is meant to be set to the path to the webroot)?
Actually, when unsettling the
@web
variable, my site does not resolve the subdomains anymore.
Go to Utilities → PHP Info from a subdomain (e.g. https://baking.webervacuum.group/admin/utilities/php-info) and search for these values:
HTTP_HOST
SERVER_NAME
X_FORWARDED_HOST
X_ORIGINAL_HOST
What are they set to?
Hi Brandon, thanks for your response!
@brandonkelly for me, unsetting
@web
or 'CRAFT_WEB_URL' did not work, I had to explicitly set 'CRAFT_WEB_URL' to '/var/www/html'If you’re going to set
@web
/CRAFT_WEB_URL
, it needs to be set to a base URL, not a path. I have no idea how setting it to/var/www/html
would work; it would theoretically cause all your URLs to be prefixed with/var/www/html
. Are you sure you’re not looking at@webroot
/CRAFT_WEB_ROOT
(which is meant to be set to the path to the webroot)?
Strangely enough, no. I really don't know why this is happening
Actually, when unsettling the
@web
variable, my site does not resolve the subdomains anymore.Go to Utilities → PHP Info from a subdomain (e.g. https://baking.webervacuum.group/admin/utilities/php-info) and search for these values:
HTTP_HOST
SERVER_NAME
X_FORWARDED_HOST
X_ORIGINAL_HOST
What are they set to?
When I unset the CRAFT_WEB_URL variable, those are the values. However, when I then navigate to baking.webervacuum.group it shows the contents of webervacuum.group on the front-end.
$_SERVER['HTTP_HOST'] baking.webervacuum.group $_SERVER['SERVER_NAME'] baking.webervacuum.group
X_FORWARDED_HOST and X_ORIGINAL_HOST are not available.
When I unset the CRAFT_WEB_URL variable, those are the values. However, when I then navigate to baking.webervacuum.group it shows the contents of webervacuum.group on the front-end.
So that’s the issue. Both HTTP_HOST
and SERVER_NAME
should be getting set to the full host name (baking.webervacuum.group
). If that’s not happening, it’s a server/infrastructure misconfiguration issue. Craft relies on those values being accurate so it knows which URL is being requested.
When I unset the CRAFT_WEB_URL variable, those are the values. However, when I then navigate to baking.webervacuum.group it shows the contents of webervacuum.group on the front-end.
So that’s the issue. Both
HTTP_HOST
andSERVER_NAME
should be getting set to the full host name (baking.webervacuum.group
). If that’s not happening, it’s a server/infrastructure misconfiguration issue. Craft relies on those values being accurate so it knows which URL is being requested.
Okay, so what should HTTP_HOST
then be? For the baking site it should be baking.webervacuum.group
, right?
Basically what happens is that when I set the CRAFT_WEB_URL
value to https://webervacuum.group/
everything works, except Sprig and then I cannot navigate to the admin panel of the subdomain (e.g. baking.webervacuum.group)
However if I unset the CRAFT_WEB_URL
value, I can navigate to the admin panel of the subdomain (e.g. baking.webervacuum.group) and HTTP_HOST
is set to baking.webervacuum.group
but the front-end is not working anymore.
Basically how my server is set up; it is nothing else than that the hostnames of each subdomain are pointing to the webroot of the main domain webervacuum.group
(according to the documentation: https://craftcms.com/docs/5.x/system/sites.html)
Okay, so what should
HTTP_HOST
then be? For the baking site it should bebaking.webervacuum.group
, right?
When you’re accessing baking.webervacuum.group
, yes. And when you’re accessing webervacuum.group
(no subdomain) it should be set to webervacuum.group
.
HTTP_HOST
should just be set to whatever the browser sets the Host
header to, which is going to be the host name in the requested URL. So somewhere along the line, your server/infrastructure is “forgetting” the actual Host
header value.
Basically how my server is set up; it is nothing else than that the hostnames of each subdomain are pointing to the webroot of the main domain
webervacuum.group
(according to the documentation: https://craftcms.com/docs/5.x/system/sites.html)
Yeah that’s normal. PHP should still be able to know what the requested URL was.
When you’re accessing
baking.webervacuum.group
, yes. And when you’re accessingwebervacuum.group
(no subdomain) it should be set towebervacuum.group
.
HTTP_HOST
should just be set to whatever the browser sets theHost
header to, which is going to be the host name in the requested URL. So somewhere along the line, your server/infrastructure is “forgetting” the actualHost
header value.
Sorry for bothering you, I just cannot seem to find the issue.
That is exactly what is happening at the moment, so then my server configuration is right I guess. Because when I navigate to Utilities → PHP Info from a subdomain (baking.webervacuum.group), both HTTP_HOST
and SERVER_NAME
are set to baking.webervacuum.group
.
Below I pasted a screenshot of the footer, where I log two aliases from my general.php just to debug real quick '@host' => $_SERVER['HTTP_HOST']
& '@servername' => $_SERVER['SERVER_NAME']
and it seems that those HTTP_HOST and SERVER_NAME values are being set right by the server. However, in this setup, where CRAFT_WEB_URL
and @web
has been unset, the HTTP_HOST and SERVER_NAME on the front end are right but baking.webervacuum.group is showing the webervacuum.group website. The same holds for all other subsites. This is quite strange because, as you sead, the Host is being set correctly right?
Am I missing something?
Sorry, I guess I misunderstood.
Can you create a template with the following code:
@web: {{ alias('@web') }}<br>
requested URL: {{ craft.app.request.url }}<br>
absolute URL: {{ craft.app.request.absoluteUrl }}<br><br>
current site: {{ currentSite.handle }}<br>
site base URLs:<br>
{{ craft.app.sites.allSites|map(s => "- #{s.handle}: #{s.getBaseUrl(false)} → #{s.baseUrl}<br>")|join('')|raw }}
And then load the template from each of the host names, and post the results for each of them?
Sorry, I guess I misunderstood.
Can you create a template with the following code:
@web: {{ alias('@web') }}<br> requested URL: {{ craft.app.request.url }}<br> absolute URL: {{ craft.app.request.absoluteUrl }}<br><br> current site: {{ currentSite.handle }}<br> site base URLs:<br> {{ craft.app.sites.allSites|map(s => "- #{s.handle}: #{s.getBaseUrl(false)} → #{s.baseUrl}<br>")|join('')|raw }}
And then load the template from each of the host names, and post the results for each of them?
No worries. Maybe there is just something wrong with my English and am I not writing clear enough :) You can find any url at webervacuum.group/info, baking.webervacuum.group/info, drying.webervacuum.group/info, cooling.webervacuum.group/info (password webervacuum)
Just did: when unsetting @web (so when the website breaks, and each subdomain shows the content of the main domain), the following holds for baking.webervacuum.group. So in some way, Craft CMS (or the server) does not set the @web correctly
@web: https://baking.webervacuum.group requested URL: /info absolute URL: https://baking.webervacuum.group/info
current site: default site base URLs:
When setting @web, it gives the following for baking.webervacuum.group: @web: https://webervacuum.group requested URL: /info absolute URL: https://baking.webervacuum.group/info
current site: baking site base URLs:
The problem is that your default
site has its base URL set to @web
.
Consider that when @web
is set correctly (where it exactly matches the incoming request URL), that means that no matter what URL is requested, your default
site’s base URL is going to be an exact match.
You should not ever be referencing @web
in your site’s base URL, especially if you have multiple sites. Instead you must hard-code it, or define another alias such as @mainSiteUrl
, set to https://webervacuum.group/
, and adjust the base URLs for each of the four sites that currently reference @web
, so they referenc @mainSiteUrl
instead.
What happened?
Description
I started running into this issue after upgrading from 4.5.14 to 4.8.3.
I have a site serving the CP from a different domain, no CP trigger (issues such as assets, cors, iframe had been handled). It's worth mentioning that once the issue begun I also tried changing to using a CP trigger but all the routes still point to the main URL and therefore the issue continued to occur.
After updating I started to receive the following message:
By troubleshooting, I was able to confirm most/all CORS headers are set correctly (again, they worked before) as the message would change. The message above seems to be the closest to passing but i'm stuck beyond this point.
These are the headers I'm using which are mostly a collection of all possible things. Variations to the URL format would fail:
Were there any recent changes to the expected headers/policies? It's very weird that this would happen after an update.
Expected behavior
Supplied CORS configuration should allow the use of the Craft CP Panel from a different domain.
Craft CMS version
4.8.3
PHP version
No response
Operating system and version
No response
Database type and version
No response
Image driver and version
No response
Installed plugins and versions
No response