Skip to main content


BaseURL components (hostname, SSL policy, urlpath)


!Friendica Developers

I'm currently reducing the whole BaseUrl.php code massively.
Do we really need the ssl_policy, urlpath and hostname separate from the system.url?

I will use for the BaseUrl.php, based on the system.url a "real" UriInterface as $this->url, so we don't need saving the scheme, urlpath and hostname separately anymore. They are just useful for the install process but must not be changed afterwards.

The only thing, which I'm unsure is the ssl_policy, because if someone changes it afterwards in the admin site, all URL in all contacts and photos will get updated. But the question is => is this even allowed? I think this could brick the access over federation because the base-url of each entry isn't right anymore. And it isn't supported when the policy is changed by console.

So I would drop it as well and merge all config entries into the system.url.

Additionally, I will replace the Exception with a "CRITICAL" log entry to avoid a WSOD.

Friendica Developers reshared this.

@Philipp Holzer This sounds good, internally we don't make a difference between HTTP and HTTPS URLs for remote servers (thanks to the nurl) so it wouldn't have an impact on Friendica federation.

Friendica Developers reshared this.

The SSL-Policy was a thing of ancient times where you could define if you had a self certified certificate, a real one or none. There had been some code around this. Just have a look if this is used somewhere.

Friendica Developers reshared this.

@Tobias I'm not sure what wouldn't work with a self-signed certificate. Unless we are checking the CA for self-requests, but I'm not sure the legacy SSL Policy configuration value is about that.

Friendica Developers reshared this.

@Philipp Holzer For a local installation, like https://friendica.local you definitely need to ignore SSL/certificate errors because they are mostly only self-signed.

Friendica Developers reshared this.

I know and I'm using local Vagrant with https and there is no check at all in the code that would fail here. It works fine :-)

Friendica Developers reshared this.