Comments (10)
I don't agree.
I'm pretty sure that setting REQUEST_SCHEME to http and SERVER_PORT to 80 while using a completely valid HTTPS connection is at best a PHP-CGI misconfiguration on their part. In a worst case scenario they're just plain incompetent.
Anyway, this can't be fixed in code, because neither Slim nor Leafpub should handle broken environments like this. If you're willing to use that fix I provided before, it'll work, but it certainly doesn't belong in the repo. It's possible updates will break it too.
from leafpub.
Hi @BryanHeijmans
sorry for the late reply.
Which server do you use? Apache? Nginx? Would you mind posting your config?
from leafpub.
Hi @karsasmus,
Here is the information about my hosting, http://info.newwebhosting.nl/
from leafpub.
On nginx I'm able to do a clean install 1.1.9 over HTTPS and log in/out successfully (the usual PHP redirects to index.php).
Looks like an issue with HTTPS configuration on your hosting. From what I see in phpinfo(), even Apache is running as root - this is a serious security issue. Did you configure that machine yourself or are you using a shared hosting?
If the former, join Leafpub's gitter, I can help with that. In case you're using a shared web hosting, contact their support, server admins there should be able to resolve these issues.
from leafpub.
Hi @micalm, thanks for the testing. I'm on a shared hosting. Did you also try to log in on www.domain.com/admin? Because when I log in on www.domain.com/admin/login I won't get an error. When I press logout it redirects to www.domain.com/admin/login. So it only happens on /admin.
But I forwarded your message to my hosting and I will let you know what they replied. Thanks for the help! Greetings, Bryan
from leafpub.
Yes, I did, both methods work correctly (with GET redirect and without). It would help if you didn't redact the real domain, then I could debug directly on the troublesome Leafpub instance.
If you don't want to disclose this publicly, again, I'm on gitter.
from leafpub.
After some time debugging with @BryanHeijmans we've figured out that it's an issue in Middleware::requireAuth(), where Slim's $request->getUri() returns the URI with :80 appended and thus, Leafpub generates an invalid redirect URL which won't (hopefully) ever work on HTTPS.
This will require further investigation if it's an issue to be solved upstream in Slim or an incorrectly configured environment.
A quick & very ugly hack is to add $uri = str_replace(':80', '', $uri); right after $uri = $request->getUri(); in sources/classes/Middleware.php for those experiencing the (exact) same problem, until it is resolved here.
from leafpub.
Hi @micalm,
thanks for your time to help @BryanHeijmans
I've looked into Slim's source code to find out if it's a bug or a feature to add the port to the url.
It's a feature, Slim follows PSR-7 spec.
If you read the comment above the method getPort() @ https://github.com/slimphp/Slim/blob/3.x/Slim/Http/Uri.php#L424 you'll see that something with your server config seems to be wrong as Slim only returns port 80 if it's the wrong port for actual scheme (https).
from leafpub.
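The PSR-7 port rule mentioned in the comment above, and a narrower alternative to the blanket str_replace hack from the earlier comment, as an added example (not code from Slim, Leafpub or anyone in this thread). The function names, the host blog.example and the environment values are constructed for illustration; treating HTTPS=on as the source of the https scheme is an assumption.

```php
<?php
// Added illustration; not Slim or Leafpub code. All names here are hypothetical.
const DEFAULT_PORTS = ['http' => 80, 'https' => 443];

// PSR-7 rule: the port appears in the URI only when it is not the
// standard port for the scheme.
function buildUri(string $scheme, string $host, ?int $port, string $path): string
{
    $standard  = DEFAULT_PORTS[$scheme] ?? null;
    $authority = ($port === null || $port === $standard) ? $host : "$host:$port";
    return "$scheme://$authority$path";
}

// Drop the port only when it is exactly the other scheme's default
// (80 on https, 443 on http), which is the mismatch reported in this thread.
// URIs that do not parse, have no port, or carry userinfo are returned unchanged.
function dropMismatchedPort(string $uri): string
{
    $p = parse_url($uri);
    if ($p === false || !isset($p['scheme'], $p['host'], $p['port']) || isset($p['user'])) {
        return $uri;
    }
    $other = $p['scheme'] === 'https' ? 80 : ($p['scheme'] === 'http' ? 443 : null);
    if ($p['port'] !== $other) {
        return $uri; // a genuine non-standard port such as 8080 stays
    }
    $rest = ($p['path'] ?? '')
        . (isset($p['query']) ? '?' . $p['query'] : '')
        . (isset($p['fragment']) ? '#' . $p['fragment'] : '');
    return $p['scheme'] . '://' . $p['host'] . $rest;
}

// Constructed environment: TLS is on, but the server reports port 80.
$env    = ['HTTPS' => 'on', 'SERVER_PORT' => '80', 'HTTP_HOST' => 'blog.example'];
$scheme = (!empty($env['HTTPS']) && $env['HTTPS'] !== 'off') ? 'https' : 'http';
$uri    = buildUri($scheme, $env['HTTP_HOST'], (int) $env['SERVER_PORT'], '/admin');

echo $uri, "\n";                     // https URI with the mismatched port attached
echo dropMismatchedPort($uri), "\n"; // same URI with the port removed

// The blanket replace also eats the ":80" prefix of a legitimate ":8080".
$custom = 'https://blog.example:8080/admin';
echo str_replace(':80', '', $custom), "\n";
echo dropMismatchedPort($custom), "\n"; // left untouched
```

Like the original hack, this only masks the symptom in the redirect; the mismatch between scheme and reported port still has to be corrected in the server environment.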
Hi @karsasmus,
Thanks for the reply and yes, again, thanks @micalm! I will send this information to my hosting company as well. I will let you know what they have to say about this. Greetings, Bryan
from leafpub.
Hi @karsasmus, @micalm,
The hosting responded,
We arrange the permissions via apparmor (so, "root" has no or limited rights in this case). The security is so alright: This is consciously set!
As for the port: This is an error in the code that determines the redirect, which one accepts the wrong port. Port 80 is not determined by our system, this seems to be a default value that the code accepts when it does not get the expected response.
If you guys think the problem is with my hosting, please say so, I'm willing to switch hosting. If it's a problem within the code, I hope you can spend some more time on it to fix it.
Please let me know. Greetings, Bryan
from leafpub.