Philipp Holzer
Philipp Holzer friendica (via ActivityPub)

BaseURL components (hostname, SSL policy, urlpath)

!Friendica Developers

I'm currently reducing the whole BaseUrl.php code massively.
Do we really need the ssl_policy, urlpath and hostname separate from the system.url?

I will use for the BaseUrl.php, based on the system.url a "real" UriInterface as $this->url, so we don't need saving the scheme, urlpath and hostname separately anymore. They are just useful for the install process but must not be changed afterwards.

The only thing, which I'm unsure is the ssl_policy, because if someone changes it afterwards in the admin site, all URL in all contacts and photos will get updated. But the question is => is this even allowed? I think this could brick the access over federation because the base-url of each entry isn't right anymore. And it isn't supported when the policy is changed by console.

So I would drop it as well and merge all config entries into the system.url.

Additionally, I will replace the Exception with a "CRITICAL" log entry to avoid a WSOD.
!Friendica Developers
Link to source
48.2083537 16.3725042
Hypolite Petovan
Hypolite Petovan friendica (via ActivityPub)
@Philipp Holzer This sounds good, internally we don't make a difference between HTTP and HTTPS URLs for remote servers (thanks to the nurl) so it wouldn't have an impact on Friendica federation.
@Philipp Holzer
Link to source
Michael Vogel
Michael Vogel friendica (via ActivityPub)
The SSL-Policy was a thing of ancient times where you could define if you had a self certified certificate, a real one or none. There had been some code around this. Just have a look if this is used somewhere.
Link to source
Tobias
Tobias friendica (via ActivityPub)
@Michael Vogel @Philipp Holzer the self-signed cert thing is important for the VagrantVM IIRC
@Michael Vogel @Philipp Holzer
Link to source
Hypolite Petovan
Hypolite Petovan friendica (via ActivityPub)
@Tobias I'm not sure what wouldn't work with a self-signed certificate. Unless we are checking the CA for self-requests, but I'm not sure the legacy SSL Policy configuration value is about that.
@Tobias
Link to source
Roland Häder
Roland Häder friendica
@Philipp Holzer For a local installation, like https://friendica.local you definitely need to ignore SSL/certificate errors because they are mostly only self-signed.
@Philipp Holzer
Link to source
Friendica Developers reshared this.
Philipp Holzer
Philipp Holzer friendica (via ActivityPub)
I know and I'm using local Vagrant with https and there is no check at all in the code that would fail here. It works fine :-)
Link to source
Friendica Developers reshared this.