Possible Bug in HOST variable

[ChrisFrench]

I have an application that uses sub domains in various ways.

and I have found that using the latest build, and using NGINX, the f3 HOST var only contains the top level domain.

example my url is like
event1.site.com and the HOST variable is site.com

I have var_dumped my $_SERVER global and I get the SERVER_NAME= site.com and HTTP_HOST = event1.site.com

not that both the subdomain and and the top level domain are all mapped to the same f3 instance.

[bcosca]

F3's HOST is just an alias for PHP's $_SERVER['SERVER_NAME']. HTTP_HOST is not reliable. It comes from the client which can be spoofed, and HTTP/1.0 clients do not send that information..

[ChrisFrench]

I just want to update this ticket for anyone having a simliar situation in the future.

I have done some investigation and it appears.

NGINX uses the first value of server_name in the nginx config file as the value for $_SERVER['SERVER_NAME'];

so if you have an application like mine that uses sub domains dynamically and your NGINX server config has something like server_name = site.com *.site.com, your $_SERVER['SERVER_NAME'] and your f3 HOST variable will always be just site.com and not your sub domains, currently I can't figure out a way of getting the sub domain other than the HTTP_HOST variable.

You can either do this in PHP or do it in your NGINX config file by setting somethign like this in your config file
proxy_set_header Host $http_host;

[bcosca]

You really should be redirecting traffic from site.com to subdomain.site.com, else Google will give you a low SEO rating because they contain duplicate content. This can be done easily at the DNS level.

[glad2learn]

redirecting traffic from site.com to subdomain.site.com

for Google, site.com and www.site.com are 2 differents websites. Similarly, site.com and subdomain.site.com are flagged culprit of duplicate content (DC). The former is kept, the latter blackboxed. Gogogl's DC Law.

[bcosca]

Right. In summary, if site.com always redirects to www.site.com, nothing is duplicated. Google sees site.com as a reflector due to the HTTP 30x headers. However, if site.com/xyz and www.site.com/xyz serve the same content, you're in trouble with Google.

[ChrisFrench]

I agree with what you are saying, but what I am building is more of an application than a content site. Google indexing is not needed, sub domains will be different unique indexes so the NGINX setup is valid. and the problem is a real problem, if i am not supposed to trust http_host than I am not sure how to dynamically allow sub domains, and get the correct domain

[stevewasiura]

@ChrisFrench can you rewrite the value of $_SERVER['SERVER_NAME'] before calling fatfree?

// force rewrite of server var
$_SERVER['SERVER_NAME'] = 'monkeybone.com';

// Retrieve instance of the framework
$f3=require('lib/base.php');

echo $f3->get('HOST');

this worked for me using apache 2