CDN use

[stefanschleich]

The extension doesn't seem to respect the values of the files and assets urls entered in the site structure. Is it possible to build the path to the images in regard to the external urls given for files and assets?

[qzminski]

This should be fixed in 5d8af6b. Can you perhaps test it before I release the next stable version?

[stefanschleich]

It works but doesn't. Contao strips the protocol from these urls and outputs them as //domain.tld, so the extension works in respect to outputting the url contao has for it, but the output results in an error on facebook:

Provided og:image URL, //url.cloudfront.net/files/image.jpg was not a valid URL.

[qzminski]

Hmm good point. Can you try cf27bd0 please? This one should work also for https because the CDN should perform a redirect if necessary.

[stefanschleich]

That works but it depends on the user having his CDN set up correctly and it looks a bit dirty to me. Isn't there a way to check the useSSL flag from Contao and prepend the protocol as needed?

[fritzmg]

This is not a good solution I think. First of all if you access the site via https:// any resource that is referenced via http:// is considered unsafe. This can probably be ignored for the og:image tag, but still, seems rather dirty.

Secondly, the TL_FILES_URL and TL_ASSETS_URL output has changed in the past from http:// or https:// to //. In the future, it could again be changed to https://, since http:// is deprecated. If that change happens, your code will again not work anymore.

[qzminski]

@stefanschleich well that could be done but the assets and files URL refer to the external server which may or may not use safe protocol contrary to your website. Most of the CDNs use https though but still this is just an assumption based solution and thus not really bulletproof.

@fritzmg I am aware of both but is there any other solution? The http:// will be probably still in use for many years ahead and if that ever changes the code can be easily updated. Forcing https is risky as I pointed above.

In fact there could be two extra checkboxes for the SSL setting for both files and assets URL fields but isn't it an overkill?

[fritzmg]

The best solution is to use

 (\Environment::get('ssl') ? 'https://' : 'http://')

here too.

Because if you allow connections via https to your website, then you also must allow connections via https to your CDN. Otherwise none of your resources will be loaded.

[qzminski]

Sounds good! Mixed Content should be prevented by the browser indeed.

Finally fixed in 6105550. Can you test and confirm?

[fritzmg]

@qzminski that won't work in Contao 4 😁 . Because there the TL_FILES_URL will already contain https:// or http://. Also it won't work in Contao 3, will it? Because it already contains // at the beginning.

I think you need to do something like this:

// Remove relative protocol
if (strpos($strHost, '//') === 0)
{
    $strHost = substr($strHost, 2);
}

// Add protocol
if (strpos($strHost, 'http') !== 0)
{
    $strHost =  (\Environment::get('ssl') ? 'https://' : 'http://') . $strHost;
}

[stefanschleich]

He trims the // at the beginning and in Contao 3 it works as expected (at least in my SSL-only case). Can't say anything about Contao 4 though.

[fritzmg]

See https://github.com/contao/core-bundle/blob/4.3.10/src/Resources/contao/library/Contao/Controller.php#L1752-L1753

[fritzmg]

He trims the // at the beginning and it works

Ah, I didn't see the trim($strHost,'/'). Yes that should work both in Contao 3 and 4 I think.

[stefanschleich]

Yes that should work both in Contao 3 and 4 I think.

I don't think it will work in Contao 4 because $strHost wouldn't begin with // there but with either http:// or https://, right?

[fritzmg]

Ah, yeah, you are right.

[qzminski]

Okay that should be it – 336a99a. It works with both formats of CDN URLs //domain.tld and https://domain.tld. I will release 3.3.3 soon. Thank you for contribution guys!