Tenancy for Laravel considers www. as a tenant

[Guzbyte-tech]

Bug description

The package considers any prefix before the main domain as a tenant and hence throws the error Tenant could not be identified on domain on TenantCouldNotBeIdentifiedOnDomainException. This error doesn't appear on localhost till i deployed to production server.

Steps to reproduce

After creating tenants, I tried accessing tenants from the browser i observed it has a prefix of www.
This then throughs an error www.tenant not identified on domain

Expected behavior

It is expected that the package should ignore the www. prefix before the tenant or accommodate without through the tenant not found error.

Laravel version

8.2.0

stancl/tenancy version

3.1.0

[stancl]

This is meant to be handled at the webserver level by redirecting www. domains to the non-www version.

That said, in v4 we might add some behavior to ignore a configurable list of subdomains.

[Guzbyte-tech]

Alright, I was able to fix this from the web server by creating the correct DNS records A record for * and www and also forcing redirect from www. to non-www through the nginx server config. I also installed an SSL certificate and the problem was solved.

But I still think this should be looked into to ignore the www.

This is an amazing package.

[stancl]

Will keep this open so that I remember to revisit this 👍🏻

[luke-joseph]

That said, in v4 we might add some behavior to ignore a configurable list of subdomains.

This would be super useful in my opinion.

I'm currently trying to create a subdomain endpoint (create.myapp.com) that will take a request and create a tenant and initialize their site but it's proving difficult at the moment as I keep running into the TenantCouldNotBeIdentifiedOnDomainException.

Thanks for the awesome package!

[Sharifur]

I am facing same issue as well, can you please share a record details @Guzbyte-tech
i need this solution for custom domain. i am able to resolve central domain www issue

[update]

resolved my problem by create a custom middleware. might not a best solution for it working for now. waiting for fore update in this issue

middleware ->
https://gist.github.com/Sharifur/eab15a572fd6e5ef77c0604964e77e15

[geekasso]

I ended up creating a config file with 'blocked_subdomains' => [] and 'blocked_domains' => [] arrays. During registration, for instance, the function checks against the 'blocked_subdomains' array in the config file and if there is a match, it fails. I use the same method when adding tenant domains, but it checks against the 'blocked_domains' array.

----- Edit ----
I used a config file so that I can easily update it without committing code. Hopefully, this is a good implementation.

[Guzbyte-tech]

@Sharifur nginx config file

server {
server_name example.com www.example .com;
root /var/www/example.com/public;

add_header X-Frame-Options "SAMEORIGIN";
add_header X_XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";

index index.html index.htm index.php;

charset utf-8;

location / {
try_files $uri $uri/ /index.php?$query_string;
}

location = /favicon.ico { access_log off; log_out_found off; }
location = /robots.txt { access_log off; log_out_found off; }

error_page 404 /index.php;

location ~ .php$ {
fastcgi_pass un ix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}

location ~/.(?!well-known).* {
deny all;
}
}

[Sharifur]

i will try it..

[Sharifur]

any update about v4?

[stancl]

For updates about v4, follow our Discord.