Comments (8)
Not tried secure urls yet, but what seems to be failing? Do you have an example I can see?
from asset-pipeline.
Same issue here. When you make a secure https request and the content is insecurely linked (a la http://localhost/assets/js/application.js). The content is simply blocked from loading.
I think the logic in question is located here:
https://github.com/CodeSleeve/asset-pipeline/blob/master/src/Codesleeve/AssetPipeline/SprocketsBase.php#L273
The general solution (as far as I am concerned) is to omit the the "http" or "https" from the path. So the path would look like "//localhost/assets/js/application.js"
Because I don't fully understand what's being leveraged/extended with the code in question, my 30-second monkey patch looks like:
$remove = array('http:', 'https:');
$path = app('url')->asset($path, $this->config->get('secure'));
return str_replace($remove, '', $path);
It works, but it feels dirty.
from asset-pipeline.
Well, it looks like the approach I use above is as good as it gets:
https://github.com/laravel/laravel/issues/1661#issuecomment-12959572
Surely, there must be a better way? If not, let me know, I'll fork and issue a pull request.
from asset-pipeline.
@weblee In your config file for asset-pipeline (do config publish if you haven't already) can you put a 'secure' => true
from asset-pipeline.
@evantishuk put the change you suggested into dev-testing will merge on next tagged version
from asset-pipeline.
I'm traveling atm... might be a couple days before I get back into work-mode. Will post then.
from asset-pipeline.
So, I checked out the testing branch and it looked like the code I suggested was already integrated. So, I figured I'd dig a little deeper on the original issue and I found a couple things that probably need to be considered.
First, I wanted to see what was going on with $this->config->get('secure')
because I couldn't find it being set anywhere in any config file (at least not for me). So, I went into the package's config and added secure = true
and checked what the function was seeing. As it turned out, it was not correctly getting picked up. It was returning array()
instead of true
. This is because the syntax is incorrect. It should be: $this->config->get('asset-pipeline::secure');
. So do we want to even keep the secure config flag as a concept (unsupported as it was)? Obviously it seemed like a good idea at one point, but it doesn't seem relevant or documented if we decide to strip out the protocol and reverse what the getScheme function is doing. At the same time, it does seem reasonable to allow for explicitly saying "I want my assets to be secure, damnit" -- though, I'm having a tough time thinking of a case where I'd ever do that.
Second, remember I mentioned that the faulty $this->config->get('secure')
was returning an empty array? Well, I wanted to see if that might have been why the original code was borking with secured assets. And, that seems to have been the case. Check out this Laravel issue: laravel/framework#2171 and, more specifically, the getScheme function here: http://laravel.com/api/source-class-Illuminate.Routing.UrlGenerator.html#161. As you can see, if you pass that function an array, you're going to have a bad time. This was the root of the the original issue.
Ok, so, to wrap this up. I begrudgingly think we should change the code to look something like:
$secure = $this->config->get('asset-pipeline::secure');
return app('url')->asset($path, $secure);
It appears to behave as originally intended and has the benefit of working with Laravel instead of against it. Personally, I think removing the protocol string makes good sense, but I don't like fighting with Laravel and I don't get the sense they're going to change the core functions any time soon (though several have suggested it).
As a compromise, perhaps the config could contain 'protocol' => null
(default Laravel behavior) or 'protocol' => 'secure'
(set secure to true) or 'protocol' => 'none'
(strip the protocol). Or, we could add an additional config flag like 'strip_protocol' => true
Thoughts?
from asset-pipeline.
I'm not sure about a the best solution but here's a workaround that works:
Create a secure.php in your app's config folder and paste the following as its content
<?php
return true;
This should set the secure flag to true and make the asset pipeline server secure assets.
from asset-pipeline.
Related Issues (20)
- Please fix for Laravel 5 HOT 2
- PNG image on production is broken HOT 1
- application.css shows the mainfest file code along with the included files HOT 1
- CSS media queries without space after keyword broken
- php artisan assets:generate doesn't work well with concat. HOT 1
- Browser cache issues HOT 1
- ng-classify filter pre-processor
- CSS Minification with Keyframes
- Best Practice / Example for "thave a separate manifest file for each section" HOT 1
- Specify which path is assigned to which route.
- Require_tree unusable, @import won't cache bust
- Files still cached on a local environment HOT 1
- Requiring tree broke the combination
- Import an non-existent file with SASS write the importation line
- Laravel 5? HOT 2
- Site.scss in production taking 2.5+ seconds to load HOT 1
- @keyframe name surround by quote
- Not Found http://localhost/laravel/public/assets/application.css HOT 1
- Class not Found
- typo in repo description
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from asset-pipeline.