I ran into conflicting behaviors using CURL with HTTP vs HTTPS. The curl code runs an email logging routine in the background.
On my local machine this works, but fails on the hosted site:
$curl_url = 'https://'.$_SERVER['HTTP_HOST'].'/email/_email_logging.php?log_id='.$log_id;
On the hosted site, this works, but fails on the local machine
$curl_url = 'http://'.$_SERVER['HTTP_HOST'].'/email/_email_logging.php?log_id='.$log_id;
Complete CURL code:
$curl_url = 'http://'.$_SERVER['HTTP_HOST'].'/email/_email_logging.php?log_id='.$log_id;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $curl_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_TIMEOUT_MS, 100);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_exec($ch);
curl_close($ch);
An explanation of what could be happening would be appreciated and what tweak I could make to the CURL code to accept one of HTTP or HTTPS (preferred?) in both environments.
2
Answers
Adding this additional CURL line seems to have worked:
The conflicting behavior you’re experiencing with CURL using HTTP vs. HTTPS on your local and hosted environments can be attributed to several factors. Let’s break it down:
Possible Reasons for the Behavior:
SSL Certificate Issues (Local Environment):
On your local machine, if you’re using HTTPS and the local server doesn’t have a valid SSL certificate, CURL may fail when trying to connect via HTTPS.
However, since you’re setting CURLOPT_SSL_VERIFYPEER to false, it should bypass SSL verification, but other factors (like the server’s SSL configuration) could still cause issues.
Server Configuration Differences:
On your hosted site, the server is likely configured to redirect all HTTP requests to HTTPS. This means if you use HTTP, the server may automatically redirect it to HTTPS. This redirection might work differently depending on how your hosting provider handles it, leading to potential issues in one environment and not the other.
Firewalls or Security Rules:
Some hosted environments have strict security rules that might block HTTP requests or behave differently when interacting with non-HTTPS URLs. Similarly, your local environment might be less restrictive and allow HTTP without any issues.
URL Resolution and Host Headers:
Depending on how your local environment is set up (e.g., if you’re using a local development tool like XAMPP, WAMP, or MAMP), HTTP and HTTPS might resolve differently. There might be a mismatch in how the host headers are being sent or resolved.
Preferred Solution: Use HTTPS with Fallback
You generally want to use HTTPS whenever possible for secure communication. However, if there are issues with HTTPS on the local environment, you can implement a fallback to HTTP only when necessary.
Here’s how you can modify your CURL code to handle both environments:
Explanation of the Code:
Protocol Detection:
The $protocol variable automatically selects https:// if the server is using HTTPS; otherwise, it falls back to http://.
This approach ensures that CURL will use HTTPS on your hosted site (which is likely using SSL) and HTTP on your local machine if SSL isn’t configured.
Error Handling:
Added basic error logging using
curl_errno()
andcurl_error()
to help diagnose issues if CURL fails.