Why does Laravel SignedUrl return 403 Invalid Signature when the URL setting contains “/api”?

Environment is Ubuntu 20.04

Laravel version is 8

nginx setting:

server {
    server_name mydomain.com;

    location /api {
        index index.php index.html index.htm index.nginx-debian.html;
        alias /home/my_domain_laravel/my_domain_laravel/public/;
        try_files $uri $uri/ @api;
        location ~ \.php$ {
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        }
    }

    location @api {
        rewrite /api/(.*)$ /api/index.php?/$1 last;
    }
}

Laravel’s app_url still contains /api, so the whole URL becomes mydomain.com/api/api

I tried to look in /vendor/laravel/framework/src/Illuminate/Routing/UrlGenerator.php, and I found $request->server->get('QUERY_STRING') in the function hasCorrectSignature()

QUERY_STRING was obtained incorrectly

Correct:

expires=1648139593&signature=5d139178c72bb4a3ea11e7986ed9d1fe6671e7bc23b2b5b59ac6bbc55e8eaa17

Wrong:

/api/url?expires=1648139593&signature=5d139178c72bb4a3ea11e7986ed9d1fe6671e7bc23b2b5b59ac6bbc55e8eaa17

I guess this is why the SignedUrl gets Invalid Signature
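The mismatch described in the question can be reproduced with a simplified model of an HMAC check that rebuilds the signed string from the raw QUERY_STRING. This is an added example, not part of the original post and not Laravel's own code; the key, the helper names and the URL https://mydomain.com/api/url are assumptions. The first call passes verification and the second fails, because the extra path fragment becomes part of the string that is hashed.

```php
<?php
// Added example: simplified model of a signed-URL check that reads the raw
// QUERY_STRING, as the question describes for hasCorrectSignature().
// APP_KEY, the URL and both function names are constructed for illustration.

const APP_KEY = 'constructed-sample-key';

// Sign a URL: HMAC-SHA256 over the URL including its expires parameter.
function signUrl(string $url, int $expires): string
{
    $unsigned = $url . '?expires=' . $expires;
    return $unsigned . '&signature=' . hash_hmac('sha256', $unsigned, APP_KEY);
}

// Verify using the raw query string the web server handed to PHP.
function verifySignedUrl(string $url, string $queryString): bool
{
    // Read the presented signature from the parsed parameters.
    parse_str($queryString, $params);
    $presented = (string) ($params['signature'] ?? '');

    // Rebuild the signed string: drop only the signature parameter and keep
    // every other byte of the raw query string exactly as received.
    $stripped = ltrim(preg_replace('/(^|&)signature=[^&]+/', '', $queryString), '&');
    $original = rtrim($url . '?' . $stripped, '?');

    // Constant-time comparison of the expected and presented MACs.
    return hash_equals(hash_hmac('sha256', $original, APP_KEY), $presented);
}

$signed = signUrl('https://mydomain.com/api/url', 1648139593);
[$url, $query] = explode('?', $signed, 2);

// Shape the question lists as "correct": only the parameters.
var_dump(verifySignedUrl($url, $query));

// Shape the question lists as "wrong": a path fragment precedes the
// parameters, so the rebuilt string differs from the one that was signed.
var_dump(verifySignedUrl($url, '/api/url?' . $query));
```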




Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
