search

slimphp / Slim

Slim is a PHP micro framework that helps you quickly write simple yet powerful web applications and APIs.
http://slimframework.com
MIT License
11.98k stars 1.95k forks source link

How to properly setup baseUrl in Slim 3.x #1665

Closed feryardiant closed 8 years ago

feryardiant commented 8 years ago

I'm using Uri::getBaseUrl() in my slim-plates extension, it seems not working properly on my my server when I access it over https and devtools console said.

Mixed Content: The page at 'https://slim-app.projek.xyz/' was loaded over HTTPS, but requested an insecure stylesheet 'http://slim-app.projek.xyz/styles/main.css'. This request has been blocked; the content must be served over HTTPS.

Is it a bug? or just me who can't set it up properly?

EDIT: Just setup https in my local server and dayum, it works :sweat_smile:. I don't know why & I still trying to figure it out. By the way, I'm using heroku.

Thanks

vlakoff commented 8 years ago

Does that server have $_SERVER['HTTPS'] set?

feryardiant commented 8 years ago

Hi @vlakoff, thanks for reply.

On my local setup, yes it has but not on my heroku, dunno why.

vlakoff commented 8 years ago

I suppose it's because Slim doesn't have support for requests by proxies.

Unfortunately this isn't straightforward to implement if you want it to be thorough, and secure (proxies whitelist).

The best implementation by far is Symfony's, see:

feryardiant commented 8 years ago

Thanks for your help.

I'll take a look. Cheers :smile:

akrabat commented 8 years ago

How are you including main.css?

feryardiant commented 8 years ago

hi @akrabat,

I'm using Plates built-in Asset Extension on my base.tpl, it will only return file path without hostname (e.g. /asset/main.css)

vlakoff commented 8 years ago
feryardiant commented 8 years ago

@vlakoff that's exactly my probem here.

tuupola commented 8 years ago

You could also just use href="//slim-app.projek.xyz/styles/main.css?v=..." and browser will automagically choose http or https depending on the current page.

feryardiant commented 8 years ago

Hi @tuupola

Thanks for suggestion, but I don't thing it's a good idea to type it manualy and I was expect it should be retrieved from Uri::getBaseUrl().

tuupola commented 8 years ago

What is the problem described in the bug report? Not getting the https protocol from the Uri::getBaseUrl() call or not getting the domain part from the same call? It is not clear to from the description.

I was not suggesting you should manually type something. Just saying that the protocol part is not required in the URL. If you leave it out browser uses the same protocol as the page was requested with. But I guess I misunderstand the original problem.

feryardiant commented 8 years ago

I use Heroku for the demo with custom domain provided by Cloudflare. The problem is Uri::getBaseUrl() doesn't return correct base url in my setup. When I access it using heroku subdomain which is https://slim3app.herokuapp.com/ I got http://slim3app.herokuapp.com and when I access it from https://slim-app.projek.xyz/ I got something like http://slim-app.projek.xyz:12345 (with extra port). I dunno where it come from, as @vlakoff said

Slim doesn't have support for requests by proxies

I also assumed the same thing.

Sorry, I have poor english.

piotr-cz commented 8 years ago

In #1571 I suggested an option to set base URI manually via config option (which in turn may be read from .env file), but still didn't have time to prepare a PR.

vlakoff commented 8 years ago

@feryardiant You may want to try Proxy Scheme and Host detection middleware :raising_hand:

piotr-cz commented 8 years ago

@vlakoff When using URL rewrites (.htaccess), auto-detection fails and it's not possible to set base URL manually.

vlakoff commented 8 years ago

@piotr-cz Could you please provide an example?

Also, I think manual setting of base URL should be considered as a very, very last resort. If it is technically possible to detect the base URL, we should do it to avoid delegating the work to the user.

vlakoff commented 8 years ago

There are middleware for scenarios with proxies: Proxy Scheme and Host detection middleware and Client IP address middleware. They are awaiting to be used and improved :)

If middlewares can solve this issue, then I think it should be closed.

feryardiant commented 8 years ago

Hi @vlakoff,

Thanks for the link, I'll try both.

Best :) Fery Wardiyanto

On Thu, Apr 21, 2016 at 6:15 AM, vlakoff notifications@github.com wrote:

(disclaimer: currently drunk so can't go into the details)

There are middleware for scenarios with middlewares: Proxy Scheme and Host detection middleware https://github.com/akrabat/rka-scheme-and-host-detection-middleware and Client IP address middleware https://github.com/akrabat/rka-ip-address-middleware. They are awaiting to be used and improved :)

If middlewares can solve this issue, then I think it should be closed.

— You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub https://github.com/slimphp/Slim/issues/1665#issuecomment-212648094

silentworks commented 8 years ago

I think the middleware solves this issue, otherwise you can manually set the baseUrl.

piotr-cz commented 8 years ago

@silentworks How can I set the baseUrl manually?