-
Notifications
You must be signed in to change notification settings - Fork 824
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Respect SS_BASE_URL scheme for builds and tasks that are ran through CLI. #10615
Comments
Pull request: #10616 |
Should we be also setting the host then, not just the protocol, if SS_BASE_URL is defined? |
Why is the protocol an issue and not the host? Or does the host get picked up in some other way and the protocol doesn't, meaning the issue could be somewhere else? |
Yes, in this case the host is picked up in some other way. The issue is caused by SilverStripe has a default fallback of setting With my change I am trying to keep the impact as low as possible while |
Seems like this is related to the issue I've been seeing on Silverstripe Cloud where error pages are generated with a base url of |
Affected Version
silverstripe/framework 4.10.11 The SilverStripe framework (probably >= 4.*)
Description
The dev/build process executed through CLI does not respect 'https' scheme from environment in a correct way. Due to how
HTTPRequestBuilder
processes URL's through theHTTPRequest
constructor, requests will be using the 'http' scheme by default unless$variables['_SERVER']['HTTPS']
orvariables['_SERVER']['SSL']
is set.The desired execution of
dev/build
through CLI would be the same waydev/build
is executed through the browser for an application withSS_BASE_URL="https://www.example.com"
being set in the environment configuration.Saying that, we currently have an issue of unstyled (static) error pages due to stylesheets and scripts being supplied over
http
. This is a known issue that describes the problem: silverstripe/silverstripe-errorpage#20I think the problem is caused because of
HTTPRequestBuilder
only validating HTTPS scheme based on SERVER variables.There are also several other issues semi-related to this change (might have missed some):
#7492
#8028
By setting the SERVER HTTPS scheme variables based on SS_BASE_URL within
CLIRequestBuilder
I expect to resolve these issues with minimal impact.Steps to Reproduce
SS_BASE_URL="https://www.example.com"
environment variable for your project where HTTPS is enabled./dev/build?flush=1
command through the web browser navigated using the https scheme, a.e.https://www.example.com/dev/build?flush=1
.error-404.html
orerror-500.html
and verify the base tag containing a https URL (correct)./dev/build?flush=1
command through the CLI interface having the sameSS_BASE_URL
value.error-404.html
orerror-500.html
and verify the base tag containing a http URL (wrong).This is a simple example of where the scheme is causing an issue and the impact might be much bigger when running a task from CLI.
Please ask for other required details that are needed to review my change, which I will submit through a pull-request in a minute.
PRs
The text was updated successfully, but these errors were encountered: