This forum has moved to a new location and is in read-only mode. Please visit talk.octobercms.com to access the new location.
octobercms34181
When I try to send an AJAX request to anything other than a PHP script that should be a 404, it returns 200 instead.
Here is how it appears without setting the X-Requested-With header (i.e. not AJAX):
duck@duck-home:~$ curl -kI 'https://october.localhost/en/doesnt_exist'
HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Cache-Control: no-cache, private
Date: Fri, 12 Apr 2019 02:40:39 GMT
Set-Cookie: october_session=eyJpdiI6InJPTW1ZRTIrR3pwNytQZ1hRVVVDQXc9PSIsInZhbHVlIjoiRk5pQ3pjTVV5eFI1U3h5S0ZpOVwvRWdMeDRWZDlQcHVTYytCS3ZXMnh6U1ZSR2tWbGtLa3JQeFNYaU5JMStvWnozNjdDbXYxZ0xDa2Y0Rm1aaTFlNExBPT0iLCJtYWMiOiI5ZjViODRjZmI0MTlmMTQ3ZTkzMjBkY2U3MjQ0OTRjNzgxZjc0N2IzZTcwMjY2MDI0ODQ5NzhlN2UwMjkyMGM1In0%3D; expires=Fri, 12-Apr-2019 04:40:39 GMT; Max-Age=7200; path=/; HttpOnlyAnd now with AJAX to the same URL:
duck@duck-home:~$ curl -kI -H 'X-Requested-With: XMLHttpRequest' 'https://october.localhost/en/doesnt_exist'
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Cache-Control: no-cache, private
Date: Fri, 12 Apr 2019 02:40:27 GMT
Set-Cookie: october_session=eyJpdiI6IlU5d3J4VGxXSUp4Qnd0aGVKRG1ZVGc9PSIsInZhbHVlIjoiTXFZTitrWVU1a0x4Q1FTdmJneDZhUzdMOXZvbEl4aUNVSllUUWhSeXpvaCsxR2JuUm5DdUw3RGhtK1JVeEV3ZWFXZGxnbDNkWU8zXC9ySFRjSFViRXRRPT0iLCJtYWMiOiJmMjg1ZGFhZjVjMDQ3MDcwMzY4MjAyYWEyOTc4NTM3YjVmZjJhMDIzYjJjZGQ4ZDFkYmY0MmJiNDVlOTkzN2Q0In0%3D; expires=Fri, 12-Apr-2019 04:40:27 GMT; Max-Age=7200; path=/; HttpOnlyHowever, if we send the request to a non-existent PHP file, we correctly get a 404:
duck@duck-home:~$ curl -kI -H 'X-Requested-With: XMLHttpRequest' 'https://october.localhost/en/doesnt_exist.php'
HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 12 Apr 2019 07:09:28 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-aliveHere is my nginx conf file:
server {
listen 80;
listen [::]:80;
# SSL configuration
#
listen 443 ssl;
listen [::]:443 ssl;
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
include snippets/snakeoil.conf;
root /home/mike/www/laravel/october;
# Add index.php to the list if you are using PHP
index index.html index.htm index.php;
server_name october.localhost;
client_max_body_size 100M;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?$query_string;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# Check that the PHP script exists before passing it
#try_files $fastcgi_script_name =404;
# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_index index.php;
include fastcgi.conf;
try_files $uri =404;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}Last updated
1-2 of 2