I am trying to set up email verification, but because of wrong configuration of either, server or php I always get 403 Invalid signature error. If you know how to solve this problem I would be very grateful. All the solutions I googled don't work for me.
my route with params:
https://mysite.lo/email/verify/1001/82f42f0bbc6880958a68b56159cb7cbf96199ddf?expires=1642686658&signature=87fa7d09653adcbbeb4dd99bec9a97395d7417bdfeffc145a1c5d6e80feeb726
PHP DEBUG
$request->server->get('QUERY_STRING')
output:
/email/verify/1001/82f42f0bbc6880958a68b56159cb7cbf96199ddf&expires=1642686658&signature=87fa7d09653adcbbeb4dd99bec9a97395d7417bdfeffc145a1c5d6e80feeb726
But there should be another output, starting from ? to the end, for example:
expires=1642686658&signature=87fa7d09653adcbbeb4dd99bec9a97395d7417bdfeffc145a1c5d6e80feeb726
Or am I misunderstanding something?
Anyway, I don't understand why this is happening. The nginx settings are below.
server {
listen 80;
listen 443 ssl;
listen [::]:80;
server_name mysite.lo *.mysite.lo;
ssl_certificate /etc/nginx/ssl/ssl.crt;
ssl_certificate_key /etc/nginx/ssl/ssl.key;
access_log /var/www/mysite/mpa/storage/logs/nginx_access.log;
error_log /var/www/mysite/mpa/storage/logs/nginx_error.log;
root /var/www/mysite/mpa/public;
index index.php;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
charset utf-8;
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
# serve static files directly
location ~* \.(jpg|jpeg|gif|css|png|js|ico|html)$ {
access_log off;
expires max;
log_not_found off;
}
# removes trailing slashes (prevents SEO duplicate content issues)
if (!-d $request_filename)
{
rewrite ^/(.+)/$ /$1 permanent;
}
# enforce NO www
if ($host ~* ^www\.(.*))
{
set $host_without_www $1;
rewrite ^/(.*)$ $scheme://$host_without_www/$1 permanent;
}
# unless the request is for a valid file (image, js, css, etc.), send to bootstrap
if (!-e $request_filename)
{
rewrite ^/(.*)$ /index.php?/$1 last;
break;
}
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_pass php-upstream;
fastcgi_index index.php;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fixes timeouts
fastcgi_read_timeout 600;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
This is the local environment. I am using: laradock php 8
It is your rewrite ^/(.*)$ /index.php?/$1 last; rule adds an original URI as the first query argument. As rewrite directive documentation says:
If a
replacementstring includes the new request arguments, the previous request arguments are appended after them.
You can avoid adding an original URI as the first query argument specifically for the /email/verify/ route:
if (!-e $request_filename)
{
# do not append an original URI to this route
rewrite ^/email/verify/ /index.php last;
# but append it to everything else
rewrite ^/(.*)$ /index.php?/$1 last;
break;
}