New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HTTP_HOST is being overwritten by HTTP_X_ORIGINAL_HOST #342
Comments
I can't remember the exact details, but the original commit is here: If I'm not mistaken, it was an issue with how URLs would get generated when using Laravel helpers like If I had a site setup locally as |
Ah! That makes sense indeed. In my case I'm having the exact opposite issue: I'm using Symfony with a Maybe we could store the original Something like: if (isset($_SERVER['HTTP_X_ORIGINAL_HOST'])) {
$_SERVER['HTTP_X_INBOUND_HOST'] = $_SERVER['HTTP_HOST']; // Some non-standard header so it won't conflict
$_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_ORIGINAL_HOST'];
} It might make more sense to use the if (isset($_SERVER['HTTP_X_ORIGINAL_HOST']) && !isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
$_SERVER['HTTP_X_FORWARDED_HOST'] = $_SERVER['HTTP_X_ORIGINAL_HOST'];
} |
I have prepared two branches, one for each possible solution:
What do you think? |
I'd suggest a combination of both:
|
Okay! I'll combine the two and submit a PR for further review. |
Have you had a chance to test this change on both free and paid ngrok accounts? |
Yes, but testing the changes from the PR actually got me thinking: with this PR we are trying to revert to standards-compliant behavior on a case-by-case basis. IMHO it'd make more sense to have the exception (the Laravel driver, in this case) require a change, not the other way around. I went ahead and pushed 2d0c44d to the PR. As you can see, the changes to the Symfony driver have been reverted and the Laravel driver now contains the Here are the test results with a paid ngrok account, tested with both a random and reserved hostname: Unmodified driver (= standard behavior)
Modified driver (= only for
|
It feels simpler. I like that. It's definitely better for it to "just work" hands-free, no special coding required. |
Nice. Yeah, I like its simplicity too. Makes it easier to understand what's going on. |
Do we know for sure that Laravel is the only bundled driver that uses that server variable for URL generation and stuff? |
Not quite sure, so there's a chance of this update breaking other applications unfortunately. Laravel's behavior actually isn't special or anything, but rewriting the Something like the Laravel Trusted Proxies library would probably have done a better job for a Laravel application, but of course requires some manual labor (loading and configuring it to treat ngrok as a trusted proxy). It basically comes down to possibly breaking backwards-compatibility but becoming standards-compliant, or leaving the non-standard behavior in place and requiring changes to drivers for applications that expect standard behavior. |
I'll merge it for now and we can deal with any issues it introduces with other drivers if they pop up 👍 |
👍
|
Just wondering, what's the reasoning behind
server.php:L102-L014
?I use Valet with a paid Ngrok plan, with a (generic) reserved
hostname
in de Ngrok config. Unfortunately, this line sets every incoming request to the reserved hostname, instead of the domain name configured using Ngrok'shost_header
setting.I understand this might have something to do with Valet's own
share
capability, but this basically prevents anyone from using Ngrok standalone (and in accordance with its documentation) with Valet.This could be circumvented by re-rewriting the
HTTP_HOST
in a custom server, but unfortunately the original hostname is no longer available in$_SERVER
.The text was updated successfully, but these errors were encountered: