Nginx and PHP 8.1, empty QUERY_STRING

Question

Issue: Laravel's controller gets a request with an empty array of query parameters, though it should contain one.

Configuration:

• Laravel Version: 9.5.1
• PHP Version: 8.1.4
• Database Driver & Version: Ver 15.1 Distrib 10.3.31-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
• nginx version: nginx/1.20.2
• OS: Debian 10 buster

Nginx configuration:

(here simplified without https, but the same happens also with https)

    server {
    listen 80;
    listen [::]:80;

    server_name slider.my.domain;

    root /usr/share/nginx/slider/public;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options "nosniff";

    error_log /var/log/nginx/slider/error.log debug;
    access_log /var/log/nginx/slider/access.log;

    index index.php;
    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
        include snippets/fastcgi-php.conf;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}

snippets/fastcgi-php.conf:

# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+?\.php)(/.*)$;

# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;

# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;

fastcgi_index index.php;
include fastcgi.conf;

fastcgi.conf:
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

Opening the URL: http://slider.my.domain/showEvents?api_key=ALongKeyValue , doing a dd($request) inside the Controller's method, I get this server value:

#parameters: array:44 [▼
      "USER" => "www-data"
      "HOME" => "/var/www"
      "HTTP_COOKIE" => "XSRF-TOKEN=eyJpdiI6IkV3QkxPYklBdW9aT2Q2ajV5OHp4MlE9PSIsInZhbHVlIjoiT3FrNjIrQnBNQW9xelpSUmVDNWpMVVFKbHRmNVlIRW85WlloYUszdkRzY0IzNkdKVlYydE55MWdKYVNCa1NKSmtXbFRtL ▶"
      "HTTP_ACCEPT_LANGUAGE" => "it-IT,it;q=0.9,en-DE;q=0.8,en;q=0.7,de-DE;q=0.6,de;q=0.5,en-US;q=0.4"
      "HTTP_ACCEPT_ENCODING" => "gzip, deflate, br"
      "HTTP_REFERER" => "https://slider.my.domain/monitors"
      "HTTP_SEC_FETCH_DEST" => "document"
      "HTTP_SEC_FETCH_USER" => "?1"
      "HTTP_SEC_FETCH_MODE" => "navigate"
      "HTTP_SEC_FETCH_SITE" => "same-origin"
      "HTTP_ACCEPT" => "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
      "HTTP_USER_AGENT" => "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.82 Safari/537.36"
      "HTTP_UPGRADE_INSECURE_REQUESTS" => "1"
      "HTTP_DNT" => "1"
      "HTTP_SEC_CH_UA_PLATFORM" => ""Windows""
      "HTTP_SEC_CH_UA_MOBILE" => "?0"
      "HTTP_SEC_CH_UA" => "" Not A;Brand";v="99", "Chromium";v="99", "Google Chrome";v="99""
      "HTTP_CACHE_CONTROL" => "max-age=0"
      "HTTP_HOST" => "slider.my.domain"
      "REDIRECT_STATUS" => "200"
      "SERVER_NAME" => "slider.my.domain"
      "SERVER_PORT" => "443"
      "SERVER_ADDR" => "1234.5678:...."
      "REMOTE_PORT" => "50600"
      "REMOTE_ADDR" => "1111:3222:..."
      "SERVER_SOFTWARE" => "nginx/1.20.2"
      "GATEWAY_INTERFACE" => "CGI/1.1"
      "HTTPS" => "on"
      "REQUEST_SCHEME" => "https"
      "SERVER_PROTOCOL" => "HTTP/2.0"
      "DOCUMENT_ROOT" => "/usr/share/nginx/slider/public"
      "DOCUMENT_URI" => "/index.php"
      "REQUEST_URI" => "/showEvents.php?api_token=ABCDEFGJdoklRlWrZUc6eRUYHEg6VxOqGxVQyjRyHAGAAAVkzlxRqeWv0CnGGGGn9VeB0aUBwXV1"
      "SCRIPT_NAME" => "/index.php"
      "CONTENT_LENGTH" => ""
      "CONTENT_TYPE" => ""
      "REQUEST_METHOD" => "GET"
      "QUERY_STRING" => ""
      "SCRIPT_FILENAME" => "/usr/share/nginx/slider/public/index.php"
      "PATH_INFO" => ""
      "FCGI_ROLE" => "RESPONDER"
      "PHP_SELF" => "/index.php"
      "REQUEST_TIME_FLOAT" => 1648212474.0467
      "REQUEST_TIME" => 1648212474
    ]

And running $request->query('api_token') just returns null.

This seems to work on my local environment (through php artisan serve , but not on the server).

Answer 1

that all looks like it should work, i suspect it is the request object in the laravel controller, can you paste that in.

are you using something like this

use Illuminate\Http\Request;

class AController extends Controller
{
    public function index(Request $request, $id)
    {

        dd($request);