Header Sent for Static Extensionless Files - php

I am planning to set up something similar to the following:
https://wordpress.stackexchange.com/questions/6109/how-can-i-lock-down-an-old-wordpress-install-i-dont-intend-to-update
Basically the folders and files are generated like a cache for a php site.
What header info is sent for extensionless files? Is the header info stored in the text file like the modified date or something else?
I would like to stop using extensions for all site content.
For example:
/about - html page
/js - my site's JavaScript with appropriate header info
/logo - my site's logo
etc.
Are there any negatives or repercussions in setting extensionless files?
What about if I set up the caching system?

There are multiple options to set headers for static files if they have no extension. For a whole directory it's easiest to use DefaultType in the .htaccess:
# js/ directory
DefaultType application/javascript
The sibling ForceType is sometimes also useful:
<Files about>
ForceType text/html
</Files>
But you can also set headers for individual files using e.g. a RewriteRule:
RewriteRule logo - [T=image/jpeg]
And another option is to use mod_meta. This allows each static file to be accompanied by a .meta file, which defines the sent MIME type.

Headers are being attached by the web server
Send a static file and you can see with Firebug or a similar tool what headers are being sent
To override a header that was attached by the server, you can use PHP's header function. Use the same header name as the one you want to override. For example, if you want to override\cancel the Content-Length header you would do header('Content-Length: ') (Although for this specific header it makes no sense to cancel it).
To attach headers to static files, you will need to do that (in Apache) in .htaccess or in Apache's main configuration file.
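An added example, not part of either answer: a .htaccess for the three extensionless files named in the question, using ForceType throughout because Apache 2.4 ignores any DefaultType value other than none. It assumes Apache 2.4 with mod_headers; the nosniff header and the script block are assumptions about what a generated static cache would want.

```apache
# .htaccess for a directory of generated, extensionless files.
# about, js and logo are the names used in the question.

# One explicit media type per file. ForceType overrides whatever type
# mod_mime would (or would fail to) derive from the file name.
<Files "about">
    ForceType text/html
</Files>
<Files "js">
    ForceType application/javascript
</Files>
<Files "logo">
    ForceType image/jpeg
</Files>

# Declare the charset for the text/html responses.
AddDefaultCharset utf-8

<IfModule mod_headers.c>
    # With no extension to fall back on, the declared type is the only hint
    # a browser gets: stop it from second-guessing that type by sniffing.
    Header set X-Content-Type-Options "nosniff"
</IfModule>

# The directory is a static cache, so nothing in it should be requested
# as a script, even if a .php file ends up here.
<FilesMatch "\.(php|phtml|phar)$">
    Require all denied
</FilesMatch>
```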

Related

CSS on external URL read by site but font definitions not accessed [duplicate]

I am trying to create a type of font repository for use on my websites, so that I can call to any font in the repository in my css without any other set-up. To do this I created a subdomain on which I placed folders for each font in the repository that contained the various file types for each font. I also placed a css file called font-face.css on the root of the subdomain and filled it with @font-face declarations for each of the fonts, the fonts are linked with an absolute link so that they can be used from anywhere.
My issue is that it seems that I can only use the fonts on that subdomain where they are located, on my other sites the font does not show. Using firebug I determined that the font-face.css file was successfully being linked to and loaded. So why does the font not correctly load? Is there protection on the font files or something? I am using all fonts that I should be allowed to do this with, so I don't see why this is occurring. Maybe it is an apache issue, but I can download the font just fine when I link to it.
Oh, and just to clarify, I am not violating any copyrights by setting this up, all the fonts I am using are licensed to allow this sort of thing. I would however like to set up a way that only I can have access to this repository of fonts but that's another project.
This is because Firefox (from your mention of Firebug) thinks cross-domain, even subdomain, Web font embedding is a bad idea.
You can convince it to load fonts from your subdomain by adding this to the top-level .htaccess file of the subdomain where your fonts are being served (updated to adapt code from the same file in HTML5 Boilerplate):
<FilesMatch "\.(ttf|ttc|otf|eot|woff)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
</FilesMatch>
In response to this:
I would however like to set up a way that only I can have access to this repository of fonts but that's another project.
The W3C spec for Access-Control-Allow-Origin doesn't say anything more than either a wildcard "*" or a specific domain. So far, I've found this SO answer which suggests validating the Origin header, but I think that's a Firefox-only header. I'm not sure about other browsers (they don't even need the .htaccess trick above for cross-domain Web fonts to work).
Another way to fix this in Firefox is to embed the font directly into the css file using base64 encoding. Especially nifty if you don't have access to some of the configuration mentioned above.
You can generate the necessary code on fontsquirrel.com: in the font-face Kit Generator choose expert mode, scroll down and select Base64 Encode under CSS Options - the downloaded Font-Kit will be ready to plug and play.
This also has the fringe benefit of reducing page load time because it requires one less http request.
If you do not want to allow resources from all domains but only from sub domain of your site, you should do it like:
# Allow font, js and css to be loaded from subdomain
SetEnvIf Origin "http(s)?://(.+\.)?(example\.com)$" ORIGIN_DOMAIN=$0
<IfModule mod_headers.c>
<FilesMatch "\.(eot|font.css|otf|ttc|ttf|woff|js|png|jpg|jpeg|gif)$">
Header set Access-Control-Allow-Origin %{ORIGIN_DOMAIN}e env=ORIGIN_DOMAIN
</FilesMatch>
</IfModule>
Source: http://www.webspeaks.in/2015/01/wordpress-allow-cross-domain-resources.html
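An added example, not from the linked source: a stricter variant that reflects the Origin only for a fixed list of HTTPS origins and adds Vary: Origin so a shared cache does not replay one site's header to another. The host names under example.com are placeholders.

```apache
# Fonts only; add other extensions only if they really need cross-origin reads.
<IfModule mod_setenvif.c>
    # Anchored at both ends, https only, and an explicit list of hosts
    # instead of "any subdomain": a forgotten or taken-over subdomain
    # does not automatically become a trusted origin.
    SetEnvIf Origin "^https://(www|shop|blog)\.example\.com$" CORS_ORIGIN=$0
</IfModule>

<IfModule mod_headers.c>
    <FilesMatch "\.(eot|otf|ttc|ttf|woff)$">
        # Sent only when the request's Origin matched the list above.
        Header set Access-Control-Allow-Origin "%{CORS_ORIGIN}e" env=CORS_ORIGIN
        # The response differs per Origin, so caches must key on it.
        Header merge Vary "Origin"
    </FilesMatch>
</IfModule>
```

This only controls which pages a browser lets read the font; the file itself can still be downloaded by anyone who requests the URL directly.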
Using http://www.fontsquirrel.com/fontface/generator in "expert" mode and choosing base64 as an option returned a stylesheet.css with the necessary base64 encoded data to use in our stylesheet. Seems to work in all browsers we've tested except IE8.
We run into this issue most when applying themes to 3rd party tools like salsa petition where we're forced to host the font.
Thanks for all the help everyone!

Browser Not Interpreting .css File when using AddType .css in .htaccess

I have a very interesting problem related to Deflate Compression, Apache (htaccess), and CSS files.
I have two CSS files on my server. One is called styles.php and has dynamic values added based on database values through mod_rewrite in the styles/ directory (it is rewritten from styles.php to site.css and there is a text/css header at the beginning of the file). I also have a regular old css file with static content that doesn't change in the same directory called styles.css.
I've wanted to add compression to my site so I added the following line to start compressing my css and js files. I added this to the root_directory for my website.
<ifModule mod_deflate.c>
<filesMatch "\.(js|css)$">
SetOutputFilter DEFLATE
</filesMatch>
</ifModule>
Well initially that didn't work. So I changed this line in the root htaccess file from this to the next thing. (this code below is located at the top of the file)
AddType application/x-httpd-php5 .html .php
AddType application/x-httpd-php5 .html .php .js .css
Then my js and one of the css files started to be compressed (verified with YSlow.....yay!). The odd thing was the css file that was being rewritten was being compressed (the styles.php file) but the styles.css file (the static one) was no longer being read by the browser. As soon as I deleted ".css" from that AddType line the browser started reading the file again and my css returned to normal, however it was no longer being compressed through apache.
Any thoughts on why a static css file is not being read by the browser if I add the type? I tried it with just text/css instead of .css and it was not compressing the file (but the browser interpreted it).
UPDATE:
I added this to the root htaccess file. We have compressed, interpreted sweetness now.
<filesMatch "\.css$">
FileETag None
<ifModule mod_headers.c>
Header set Content-type "text/css"
</ifModule>
</filesMatch>
When you run a CSS file through the PHP pre-processor, PHP will automatically output it as a text/html file, via default headers, since you're not manually specifying it. So really, your browser is receiving a file with a .css extension which has headers claiming it's an HTML file, so it's trying to interpret it as HTML rather than CSS.
If your CSS file actually needs to be run as PHP and there is PHP in it, you need to re-issue the appropriate file type so when it is output, it's still CSS:
<?php
header('Content-type: text/css');
?>
You can't just send a CSS file through PHP and expect it to work exactly the same. If you're not actually pre-processing it with PHP, then you shouldn't be sending it through there.
As for the deflation issue, I could never actually get mod_deflate to work personally (no idea why). I had to use mod_gzip instead.

Enable PHP to read .css and .js files while keeping their original Content-Type

I would like to configure apache php5 in a way that
.css and .js files will be inspected by php
their content type will remain as default (that is respectively "text/css" and "application/x-javascript")
I need this because both CSS and JS files are using global PHP vars. This allows me from a single PHP file to control both CSS and JS code dynamically (then the project is exported so that css and js files contain the actual values and not the PHP echos).
The way I'm doing right now is that I added .css and .js extension to apache php5.conf:
AddType application/x-httpd-php .php .phtml .php3 .css .js
I also use header('Content-Type: [...]') on top of each css/js file to change the Content-Type header value back to original. This isn't ideal as I have to manually add this line to every css/js file in order for the Content-type header to be appropriate, even if I do not use the PHP global vars.
So is there any way I can make PHP inspect css/js files while keeping their original Content-Type without having to modify the actual css/js files themselves?
I didn't try that, but from the docs it looks possible:
<Files *.css>
php_value default_mimetype "text/css"
</Files>
<Files *.js>
php_value default_mimetype "application/x-javascript"
</Files>
# ... and so on for other types
If I absolutely had to do that, I would have made a special view for CSS and JavaScript files. For example, I would tell my application to handle all requests to, say, /pseudostatic/css/somefilename.js by a certain controller, which would take a template based on the name of a requested file, prepend all the needed global variables to it and serve it with a needed header.
And I would use caching based on the file's timestamp.
But I think this is really an unnecessary pain. I bet you can find a way around, like keeping most of your CSS and Javascript in static files and loading only a tiny bit of server-side generated scripts and styles directly inside the requested page. This way you will save your server a lot of processing time.
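An added example, not taken from the answers: instead of mapping every .css and .js file to PHP with AddType, as this question and the previous one do, hand only the files that actually contain PHP to the interpreter and set their default type there. It assumes mod_php (which php_value and the application/x-httpd-php handler require); theme.css and settings.js are hypothetical file names.

```apache
# Broad form from the question: every .css and .js file covered by this
# configuration, including any written or uploaded later, runs as PHP.
#   AddType application/x-httpd-php .php .phtml .php3 .css .js

# Narrow form: only the named templates go through PHP, and PHP emits the
# right Content-Type for them without a header() call in each file.
<Files "theme.css">
    SetHandler application/x-httpd-php
    php_value default_mimetype "text/css"
</Files>
<Files "settings.js">
    SetHandler application/x-httpd-php
    php_value default_mimetype "application/javascript"
</Files>

# Every other .css and .js file keeps the static handler and the
# Content-Type that mod_mime assigns from its extension, so it can be
# compressed and cached like any other static asset.
```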

Point an <img> tag to a image dynamically generated by PHP?

Is it possible to redirect an image to a dynamically generated image(using PHP)?
I have a dynamically created image and it has an extension ".PHP" (obviously) and that server is not under my control. So I want to redirect "somename.jpg" (on my server) to "remoteserver/dynamicimage.php" (on some remote server not under my control) so that I can right away link it as <img src="somename.jpg"/> and the dynamically generated image is shown.
Please let me know if this is possible.
Browsers follow redirects for images. Create a php-file called "somename.jpg" and add:
<?php
header('Location: http://www.otherserver.com/image.php');
Use the Apache directive ForceType in an .htaccess file to tell the server to process the .jpg file as php:
<Files somename.jpg>
ForceType application/x-httpd-php
</Files>
Or just call the file somename.php if you don't really need the .jpg extension.
You could probably accomplish this using mod_alias as well, although I haven't tried it:
Redirect somename.jpg http://www.otherserver.com/image.php
This would go in an .htaccess file as well.
The header function controls the HTTP header, which is what the browser uses to determine the file type (or should, in any case.) It can be used to tell the browser that the script is generating an image file to be downloaded, rather than HTML script output:
header('Content-type: image/jpeg');
header('Content-Disposition: attachment; filename="somename.jpg"');
Try adding something like this to your .htaccess file
RewriteEngine on
RewriteRule ^(.*)\.jpg$ /scripts/$1.php
It is possible but would result in an HTTP redirect:
RewriteEngine on
RewriteRule ^somename\.jpg$ http://remoteserver/dynamicimage.php [L]
An alternative would be to use a proxy (see P flag), so that your server requests the remote resource and passes it back to the client.
Another much more complicated but incredibly powerful way would be to write some handler code which gets activated for this local image location URL.
This one would fetch the data from the foreign URL and output the data with the right MIME type.
One could also write some code to cache this data based on whatever may be feasible.
This way you would never give away the real location of the image and you could even use some secret credentials like login data or third party cookies which should not appear on your site.
All of this is much harder to do than to simply configure a redirection in the Apache config. We did stuff like this in cases where the URLs would leak private information otherwise.

How can I turn all rewrite x.php into x.css in a specific directory?

I need to rewrite all the files in a directory and essentially make their extensions css instead of php. I want to do this with a .htaccess file within that specific directory.
What is the correct method of doing so and are there any special PHP headers I need to set to ensure the file is read as a .css file correctly?
I think that you rather want requests of *.css to be rewritten internally to *.php. So try this:
RewriteEngine on
RewriteRule ^(foo/.*)\.css$ $1.php [L]
While foo is here the specific directory.
You now should explicitly declare the output as text/css using the following at the beginning of the PHP script:
<?php
header('Content-Type: text/css;charset=<your charset>');
Replace <your charset> by whatever charset/encoding you are using (probably ISO-8859-1 or UTF-8).
Well, they don't need a css extension if you're just using them from within your site. They just need to output the header Content-Type: text/css before rendering (I assume) the generated css. Similar sort of thing applies to other file types, if you have a php script that generates an image, you'd do it the same way, except you change the content type to image/png or jpeg or whatever.
However, if you want the outside world to see these generated css files as files with a css extension then mix what I've said with what Gumbo said.
