0

I know PHP's built-in web server was not designed to work with https but I'm building an API that should only work with https and, for example, my tests also test correct behaviour when entering the API with no https.

Is there any quick workaround so I can work with https and Symfony's built-in web server?

user2394156
  • 1,792
  • 4
  • 16
  • 33

2 Answers2

0

You can use Pound reverse proxy:

WHAT POUND IS:

  1. an SSL wrapper: Pound will decrypt HTTPS requests from client browsers and pass them as plain HTTP to the back-end servers.
Community
  • 1
  • 1
malcolm
  • 5,486
  • 26
  • 45
  • But if it passes the request as plain HTTP to my back-end server then my script will see it as non-https connection and throw errors if I'm right? – user2394156 Oct 19 '16 at 19:03
  • No, you can set headers in pound for your application if you need them: `X-Forwarded-Proto: https` and `X-Forwarded-Port: 443`. – malcolm Oct 19 '16 at 19:29
0

Probably not exactly what you are out for, but perhaps it's worth a thought or two.

In production environment, you need to make sure that only HTTPS works. Which means: requests coming in via HTTP should be discarded or forwarded to HTTPS or whatever. You can test this by calling the service via app.php (which should be the default in a fresh installation of Symfony).

If the above tests succeed, all other tests can safely assume that in production there will be HTTPS. So they can also be performed with HTTP, as they merely test functionality of the application itself, not anything about HTTPS. Using app_dev.php for this would be sufficient in this case.

I.e., force HTTPS only in your production settings, but not in your development settings. Perform tests against production settings for correct behaviour on non-HTTP requests and all the rest against development settings.

Does non-HTTPS handling work correctly?

http://your.local.host/app.php

Does the application do a good job?

http://your.local.host/app_dev.php
D. E.
  • 106
  • 1
  • 1
  • 9