I want to generate an absolute URL with a specific scheme (https) in a Symfony2 controller. All the solutions I found point me to configure the targeted route so that it requires that scheme. But I need the route to remain accessible in http, so I can't set it to require https (in which case http requests are redirected to the corresponding https URL).
Is there a way to generate an URL with, in the scope of that URL generation only, a specific scheme?
I saw that using the 'network' keyword generates a "network path"-style URL, which looks like "//example.com/dir/file"; so maybe I can simply do
'https:' . $this->generateUrl($routeName, $parameters, 'network')
But I don't know if this will be robust enough to any route or request context.
UPDATE: after investigation in the URL generation code, this "network path" workaround seems fully robust. A network path is generated exactly as an absolute URL, without a scheme before the "//".
Best way to go with this
$url = 'https:'.$this->generateUrl($routeName, $parameters, UrlGeneratorInterface::NETWORK_PATH)
According to the code or documentation, currently you cannot do that within the generateUrl method. So your "hackish" solution is still the best, but as #RaymondNijland commented you are better off with str_replace:
$url = str_replace('http:', 'https:', $this->generateUrl($routeName, $parameters));
If you want to make sure it's changed only at the beginning of the string, you can write:
$url = preg_replace('/^http:/', 'https:', $this->generateUrl($routeName, $parameters));
No, the colon (:) has no special meaning in the regex so you don't have to escape it.
With default UrlGenerator, I don't think that is possible, if you don't want to mess with strings.
You could make your own HttpsUrlGenerator extends UrlGenerator introducting one slight change:
Within method generate(), instead of:
return $this->doGenerate(
$compiledRoute->getVariables(),
$route->getDefaults(),
$route->getRequirements(),
$compiledRoute->getTokens(),
$parameters,
$name,
$referenceType,
$compiledRoute->getHostTokens(),
$route->getSchemes()
);
You could do:
return $this->doGenerate(
$compiledRoute->getVariables(),
$route->getDefaults(),
$route->getRequirements(),
$compiledRoute->getTokens(),
$parameters,
$name,
$referenceType,
$compiledRoute->getHostTokens(),
['https']
);
As you can see, $route->getSchemes() gets pumped into doGenerate() based on the route settings (the tutorial link you provided above).
You could even go further and externalize this schema array and supply it via __construct.
Hope this helps a bit ;)
Related
I have such URL in Laravel 5:
domain.com/search-user/email#domain.net
When I enter this URL, it automatically searches data by given email.
How I should redirect user from other controller to this URL?
I have tried, but it doesn't work:
return view(‘controller.search-user')->with('email', $request->email);
My routes file:
Route::post('/search-user', 'tnt6weeklistController#postSearchUser');
Route::get('/search-user/{email}', 'tnt6weeklistController#postSearchUser');
-------SOLVED----------
Solved issue only with this code (maybe it is not the best practice, but other solutions didn't worked):
return \Redirect::to('http://domain.com/search-user/'.$request->email);
I guess this would work.
return url('/search-user/' . urlencode($request->email));
Note that this changes # into %40 (see here), so you need to replace that in the place you handle this request.
alternatively to what Loek answered you can set the arguments of the route using redirect()->route() method
Example:
return redirect()->route('search-user', ['email' => $request->email]);
Assuming that "email" is a proper route parameter.
More Details: https://laravel.com/docs/5.3/redirects
If you have the route for it then you can do something like this,
return \Redirect::route('search-user/example#email.com');
I would suggest using $_GET for this, so instead of having the url as you have it, do this instead:
domain.com/search-user/?email=email#domain.net
And change your code so that you're processing $_GET['email']. This should help with the redirect problem.
There is something I've been working and I ran into a problem that I could only solve doing this
header("Location:messages.php?ID_Conversation=$row[ID]");
Is this "wrong"?
This is not wrong exactly. You are redirecting to a resource and passing information to that resource as part of the URL, and this is perfectly acceptable.
However, the part that is wrong is the way the URL is structured. If you are going to be doing this with any regularity, you will want to get into the habit of setting the location as precisely as possible.
At the very least this is to say that you should set the full path relative to the domain root:
header("Location:/any_directories/messages.php?ID_Conversation=$row[ID]");
And at the best, this means including the domain and protocol as well:
header("Location:https://yourdomain.com/any_directories/messages.php?ID_Conversation=$row[ID]");
To simplify this, create a helper function or object to handle this kind of redirect.
function redirect($url) {
header("Location:https://yourdomain.com/$url");
}
redirect("any_directories/messages.php?ID_Conversation=$row[ID]");
Obviously there are other considerations in the above function, passing data for the GET query as an array maybe, discovering the domain and/or protocol, etc, and it should not be used as it is written, but the idea is sound.
I have looked all over the place, but still cant figure out how to set a global variable in PHP (Lithium framework).
My goal is to make the server root always accessible everywhere, without having to write this code everytime, to make my app independent of the hostname it is running on :
<?php echo "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; ?>
Please don't tell me to just use absolute or relative paths, as I have tried everything that way, and it is simply too messy (besides not working most of the time).
It looks like your code above is in a template. So you can use $this->request()->to('url') to get the current url. Or from a controller, it would be $this->request->to('url'). You can also pass 'absolute' => true to the options for Router::match. Unfortunately, the html link helper - i.e. $this->html->link(...) - doesn't pass the 'absolute' => true option through to the Router::match but you can call $this->url() which is passed through to Router::match. So it would be $this->url('/relative/url', array('absolute' => true)).
See the docs for Router::match
The Request object also provides access to things like http host and request uri. See the docs for Request::env()
But, to your original point about global vars, I think the Environment class should be used for this. You can put arbitrary data in it -- and even set it in your bootstrap to have different values for different environments (i.e. dev vs. staging vs. production).
Sorry, but use relative paths and use the link generator helper, which won't get what you're trying to do wrong.
See the docs.
very strange error. i use gide http://developers.facebook.com/docs/authentication/. so i create request to fb and pass redirect_uri. i use test site on localhost. so if i pass
redirect_uri=http://localhost/test_blog/index.php
it works fine, but if i pass
redirect_uri=http://localhost/test_blog/index.php?r=site/oauth2
it don't want work. i try to use
redirect_uri= .
urlencode('http://localhost/test_blog/index.php?r=site/oauth2)
but not work.
i try to explaine. i success get code, but when i access https://graph.facebook.com/me?access_token i get error 'Error validating verification code'. i checked evering, error is in ?r=site/oauth2 but i need passing some params
can somebody help me?
i read post http://forum.developers.facebook.net/viewtopic.php?id=70855 but nothing work for me
There are presently (as of March 2011) undocumented requirements regarding what makes a valid redirect_uri.
First, both redirect_uri paramaters to authorize and access_token must match.
Apparently Facebook (or rather OAuth2) is using the redirect_uri as a internal key to encode the code returned for the access_token request. It's kinda clever since it verifies back to your site. It explains why the access_token request which wouldn't otherwise need a redirect_uri parameter requires one.
Second, you cannot use many special characters in the redirect_uri.
A lot of discussion rages whether parameters can be passed at all. They can, you're limited which characters are valid but no one has published a list that I know. Traditional methods like url/html encoding will fail because percent(%) is not valid. Slash (/) is not valid either so a nested redirection url will always fail. The ONLY way to overcome the special char limitation is to encode the value of the parameter to base64. If you're using ASP.NET, look up Convert.ToBase64.
Lastly, and this is more of a side-note. There are a lot of programmers passing along misinformation that a simple solution is to pass type=client_cred. This may limit your access to some of the permissions you requested in your authorization. It is inadvisable.
Had the same problem all day when testing with redirect_uri=http://localhost:8000 (encoded to http%3A%2F%2Flocalhost%3A8000)...
Solution was simply to make sure to put the trailing slash / on the end of the uri. So redirect_uri=http://localhost:8000/ (encoded to http%3A%2F%2Flocalhost%3A8000%2F).
Again, make sure the redirect_uri is identical for both requests.
I have had this problem. I knew for a fact that my URLs were the same because I used a class with the same $var, but I kept getting the 400 response and that error in the JSON response.
The only thing I did was change my redirect_uri from:
http://myredirecturi.com
to
http://myredirecturi.com/
Yeh, just added the trailing slash and it worked.
You don't really need to encode, just put the '/' at the end of your redirect_url and everything should be fine!
Part of the information given by Aaron Wheeler is incorrect.
It is true that the 'redirect_uri' parameter must be identical in both requests, however it is perfectly possible to URL encode a regular URL and use that as the value for the 'redirect_url' parameter, so long as you're careful to further URL encode any inline URLs.
For instance, you wish facebook to redirect to the following URL:
http://www.mysite.com/Users/oAuthComplete?my_param_1=/Party/pants
Attempting to redirect the user to
'https://www.facebook.com/dialog/oauth?client_id=12345&redirect_uri='
. urlencode('http://www.mysite.com/Users/oAuthComplete?my_param_1=/Party/pants');
Will fail as /Party/Pants creates an invalid URL
However, redirecting to
'https://www.facebook.com/dialog/oauth?client_id=12345&redirect_uri='
.urlencode('http://www.mysite.com/Users/oAuthComplete?my_param_1='
.urlencode('/Party/pants'));
Will work as expected.
If you are using the returned the redrect_uri value in the second, authenticate application request, be sure to url encode again - the value is automatically URL decoded when populating the $_GET superglobal. - This is what tripped me up.
'https://graph.facebook.com/oauth/access_token?client_id=12345&&client_secret=SECRET&code=1234567'
.urlencode('http://www.mysite.com/Users/oAuthComplete?my_param_1='
.urlencode($_GET['my_param_1']));
P.s. In your actual code, I'd recommend using sprintf() rather than chaining string together like in my example, for better readability.
From what I can see, the problem here is that the redirect_uri must end with '/' and not contain '?' or other special characters. I think that is why you are getting 'Error validating verification code'. This error only appears if you are using file_get_contents(), and not when using the facebook php library.
This is the solution for php, don't know if this error appears in other SDK's.
I'm not sure if it will help, but i would suggest to encode only values in the url. Not the whole thing. eg:
redirect_uri='http://localhost/test_blog/index.php?r='.urlencode('site/oauth2');
I was having the pb and finally fix it adding the type=client_cred parameter in the url.
Struggled with this for a while. Since I didn't want a redirect, but the redirect parameter is required, my solution was to simply set it to nothing -
...&redirect_uri=&client_secret=...
I just had the same problem.
Admittedly, I am a super n00b so excuse me if this solution doesnt make any sense in actual practice.
I simply set a short fuse cookie (1-2 min) with a test variable in the page with my FB Connect button. When FB came back with information to my data parsing/handling script I checked for this cookie where I was redirecting it and if found, directed the user to the proper URL using header:location.
Of course some browsers/users etc disable cookies. This obviously wont work there (maybe use a session var and destroy it in the fb data handler?) I am sure there is a better way to do it but at the moment, this bandaid works.
The answer for me was this:
$user = $facebook->getUser();
if (!$user) {
$loginUrl = $facebook->getLoginUrl(array(
'scope' => '',
'redirect_uri' => $this->domain,
));
print('<script> top.location.href=\'' . $loginUrl . '\'</script>');
}
I've been cracking my head a long time before I found this solution, seeming I am not the only one with this issue I hope this works for you to!
I noticed you are using Yii which I'm using as well and had the same problem for half the day. As mentioned, the problem is the special characters in your URL i.e. r=site/oath2
You can fix it by enabling pretty URLS in your config so that your URL becomes index.php/site/oath2
It seems to work without the trailing slash though.
I'm using php and I have the following code to convert an absolute path to a url.
function make_url($path, $secure = false){
return (!$secure ? 'http://' : 'https://').str_replace($_SERVER['DOCUMENT_ROOT'], $_SERVER['HTTP_HOST'], $path);
}
My question is basically, is there a better way to do this in terms of security / reliability that is portable between locations and servers?
The HTTP_HOST variable is not a reliable or secure value as it is also being sent by the client. So be sure to validate its value before using it.
I don't think security is going to be effected, simply because this is a url, being printed to a browser... the worst that can happen is exposing the full directory path to the file, and potentially creating a broken link.
As a little side note, if this is being printed in a HTML document, I presume you are passing the output though something like htmlentities... just in-case the input $path contains something like a [script] tag (XSS).
To make this a little more reliable though, I wouldn't recommend matching on 'DOCUMENT_ROOT', as sometimes its either not set, or won't match (e.g. when Apache rewrite rules start getting in the way).
If I was to re-write it, I would simply ensure that 'HTTP_HOST' is always printed...
function make_url($path, $secure = false){
return (!$secure ? 'http://' : 'https://').$_SERVER['HTTP_HOST'].str_replace($_SERVER['DOCUMENT_ROOT'], '', $path);
}
... and if possible, update the calling code so that it just passes the path, so I don't need to even consider removing the 'DOCUMENT_ROOT' (i.e. what happens if the path does not match the 'DOCUMENT_ROOT')...
function make_url($path, $secure = false){
return (!$secure ? 'http://' : 'https://').$_SERVER['HTTP_HOST'].$path;
}
Which does leave the question... why have this function?
On my websites, I simply have a variable defined at the beggining of script execution which sets:
$GLOBALS['webDomain'] = 'http://' . (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '');
$GLOBALS['webDomainSSL'] = $GLOBALS['webDomain'];
Where I use GLOBALS so it can be accessed anywhere (e.g. in functions)... but you may also want to consider making a constant (define), if you know this value won't change (I sometimes change these values later in a site wide configuration file, for example, if I have an HTTPS/SSL certificate for the website).
I think this is the wrong approach.
URLs in a HTML support relative locations. That is, you can do link to refer to a page that has the same path in its URL as the corrent page. You can also do link to provide a full path to the same website. These two tricks mean your website code doesn't really need to know where it is to provide working URLs.
That said, you might need some tricks so you can have one website on http://www.example.com/dev/site.php and another on http://www.example.com/testing/site.php. You'll need some code to figure out which directory prefix is being used, but you can use a configuration value to do that. By which I mean a value that belongs to that (sub-)site's configuration, not the version-controlled code!