how to make file_get_contents('php://input') support for http and https

Question

How to make file_get_contents('php://input') to support for http and https, so that any request either from http or https can get processed without any trouble?

On server I have added redirection to redirect user from http to https. Currently our website apps are pointed to HTTP and the next version of app will be connected to HTTPS. I have to give back support for both version of web services.

I am using file_get_contents('php://input') to fetch variables from the requests from APPs, its working for all except JSON requests.

I googled alot and found the following solution but its not working as well.

$opts = array('http' =>
    array(
        'follow_location' => 1,
    )
);
$context = stream_context_create($opts);
$result = file_get_contents('http://example.com/', false, $context);

also tried the same with

$result = file_get_contents('php://input', false, $context);

Answer 1

You're trying to read the request body of an incoming request, which means a POST or PUT request. However, you're also redirecting this request to another URL. You cannot redirect POST/PUT requests, they will always become GET requests upon redirection and the request body will not be forwarded.

1. client → server: POST /foo { lots of data }
2. client ← server: Thanks, look over here: 302 Found Location: /bar
3. client → server: GET /bar (look ma, no data!)

Your issue is not that PHP cannot read from php://input if the request is HTTPS, your issue is that there is no request body to read at all, because you have redirected the request and in the process discarded the body.

The client will have to make a request to the right URL (HTTP or HTTPS) by itself and you need to handle the request on the first try without redirection.

Answer 2

I understand, that you are redirecting selected requests from http to https , most probably by .htaccess rules. Either the http or the https protocol should be used througout, at a certain time.

This would mean that your script should issue a requests thru the file_get_contents() function with the same protocol as it itself has been called. So, there would be no need to "follow location".

The following code would take the protocol from its own request and use it for the secondary request:

<?php
// Find out the protocol we were called
$encrypted = ((isset($_SERVER["HTTPS"])) && (strtoupper($_SERVER["HTTPS"]) == 'ON'));
$proto = ($encrypted) ? "https://" : "http://";

$opts = array(
    'http'=>array(
        'method'=>"GET",
    )
);

$context = stream_context_create($opts);

// Open a file with the headers defined.
// Use the same protocol as we were called
$file = file_get_contents($proto . 'www.example.com/path/test.php', false, $context);
echo "<pre>$file</pre>";