Skip to content

fix(nginx): Remove static file extension location block#7

Merged
nfebe merged 1 commit into
mainfrom
fix/nginx-static-file-intercept
Mar 30, 2026
Merged

fix(nginx): Remove static file extension location block#7
nfebe merged 1 commit into
mainfrom
fix/nginx-static-file-intercept

Conversation

@nfebe

@nfebe nfebe commented Mar 30, 2026

Copy link
Copy Markdown
Contributor

This block serves files matching static extensions directly from disk, bypassing PHP. Any Laravel API route ending in .png, .jpg, etc. never reaches the application — breaking file-serving endpoints and CORS middleware.

Redundant since try_files already serves static files from disk.

This block serves files matching static extensions directly from
disk, bypassing PHP. Any Laravel API route ending in .png, .jpg,
etc. never reaches the application — breaking file-serving
endpoints and CORS middleware.

Redundant since try_files already serves static files from disk.

Signed-off-by: nfebe <fenn25.fn@gmail.com>
@sourceant

sourceant Bot commented Mar 30, 2026

Copy link
Copy Markdown

Code Review Summary

The PR removes a regex-based location block in Nginx that was intercepting requests for common static file extensions. This fixes a bug where Laravel routes mimicking these extensions (e.g., dynamic image generation or protected file downloads) were returning 404s from Nginx instead of being handled by PHP.

🚀 Key Improvements

  • Fixed routing for dynamic assets: Laravel endpoints ending in .png, .js, etc., will now correctly reach the application.
  • Simplified configuration: Removed redundant logic that is usually handled by try_files.

💡 Minor Suggestions

  • Consider re-implementing Cache-Control headers in a way that doesn't break routing.

@sourceant sourceant Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review complete. See the overview comment for a summary.

Comment thread nginx.conf
add_header Cache-Control "public, immutable";
}

add_header X-Frame-Options "SAMEORIGIN" always;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While removing the extension block solves the routing issue, you've lost the browser caching headers (Expires, Cache-Control) for your actual static assets. Consider moving these headers into a general location block or adding them to your main location / if you want to maintain performance for real static files.

Suggested change
add_header X-Frame-Options "SAMEORIGIN" always;
location / {
try_files $uri $uri/ /index.php?$query_string;
# Re-add caching for static assets here or in a more specific way that doesn't intercept PHP
}
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;

@nfebe nfebe merged commit bb2976c into main Mar 30, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant