My VueJS/Laravel site is running https by default but somehow there is an endpoint that when called is still on http instead of https. This project wasn't developed by me and I have limited knowledge on Laravel. Nginx configuration seems to be fine, where would the issue be most probably? I'm not sure where to start looking. Somehow this app is able to run without having to use URL::forceScheme('https'); and again nginx seems to be good (since by default the site is already on https). Most parts of the api call https save to just one URL. Why does this happen?
The application are using vue components? If yes, so check into the components where the ajax is sending the URL and check if it is setting the URL endpoint with http.
Is recommended to set the URL endpoint domain variable into a .env file and call the URL endpoint domain variable into the URL endpoint param on ajax method.
On this way you has no risk of send a different URL endpoint.
Related
I have a custom domain configured with a Google App Engine Flex instance. I want the naked domain to be redirected to the www version.
Setting up a forward through the domain registrar does nothing.
And I understand that this needs to handled in app.yaml. Does the Flex environment even support URL handling? If it does, how can I achieve this? It's running a PHP application.
A DNS CNAME can only help in eventually resolving the domain on which the request comes in, but it won't do redirection of requests coming in on one domain towards another domain.
In the flexible environment it is your app's responsability to decide what to do with an incoming request for certain domain. From Requests and domains:
The domain name used for the request is included in the request data
that is passed to your app. Therefore, you can use the request data to
control how your app responds based on the domain name in the request.
For example, if you want to redirect to an official domain, you can
code your app to check the Host request header and then respond
accordingly based on the domain name.
How exactly you do that - it depends on your app's handler implementation. Check the documentation for the framework you use.
And, of course, you need to map both the naked domain and the www domain to your app.
I am developing an application in IONIC. I am making a $http.get request in Angular JS and its giving me 404 error when I successfully login and trying to load the user profile using the token sent in the authentication header.
It produces error in chrome, although I enabled CORS. Please check the screenshot:
Now if I try the url in POSTMAN, everything is ok. See the screenshot below:
I am stuck with this error, can someone help me?
What Ionic says
There are two ways to solve the issue: The first, and easier, solution is to just allow all origins from your API endpoint. However, we can’t always control the endpoint we are accessing. What we need, then, is a request that does not specify an origin.
We can do this by using a proxy server. Let’s look how the Ionic CLI provides
Reference
What works but isn't completely good to use
A simple solution is just add a CORS plugin into your browser and everything will work.
Plugin Link
Proxy server
If you want a proxy server there is this tutorial:
Link
I have a application made on laravel 5.2.
It was running fine on HTTP.
I used asset function to generate full url instead of using relative one's like
<link rel="stylesheet" type="text/css" href="{{ asset('/css/bootstrap.min.css') }}">
According to laravel documentation here, the asset method automatically detects the request protocol and generates URL accordingly.
Now the application is not running on HTTPS,
I can use secure_asset for HTTPS URLs, but then it will stop running on HTTP and localhost.
I know there is something I'm missing and it can't be so hard to just migrate from HTTP to HTTPS using laravel
PS - Cloudflare is being used for serving HTTPS requests.
All answers given till now are correct but none solved my problem.
The main problem was my application was behind CloudFlare
Laravel detects a Request as secure or insecure by checking a HTTP header i.e. $_SERVER['REQUEST_SCHEME'] which remains HTTP even the Request is HTTPS due to cloudflare.
CloudFlare sets a different header for the same i.e. $_SERVER['HTTP_X_FORWARDED_PROTO'] Which must be checked to detect a request is secure or not
Following this article and making some changes to this I successfully managed to generate HTTPS URL without making any changes to previous application code.
Accessing The Request
To obtain an instance of the current HTTP request via dependency injection, you should type-hint the Illuminate\Http\Request class on your controller constructor or method
https://laravel.com/docs/5.2/requests#request-information
instead of manually setting it through configs you could use Request::secure() to check, if the request is done over HTTPS
According laravel source, asset will generate protocol based on request info if you don't explicitly hint it to use http/https. So, you should not change anything here. That will switch to https once you start requesting it via secure connection.
I have recently created a laravel project, and I am facing issues with it since I am trying to get it setup with SSL (Cloudflare).
What is the best way to redirect the user to the secured enviroment correctly in laravel 5?
Also, my CSS and JS are not beeing loaded in due to the fact that http is not allowed and my browser blocks the files from beeing loaded because they could be potential harmfull. (Which is not the case though, to be clear)
Can someone get me off the right track?
Redirecting your site users to a secure url (https://) should NOT be the job of the framework. This type of behavior should be handled on the DNS and A record level.
Redirecting from HTTP to HTTPS should be handled by the webserver.
Your assets are probably blocked because they are unencrypted (HTTP) on an encrypted site (HTTPS). You can solve that by using protocol relative URLs:
<script src=”//ajax.microsoft.com/ajax/jquery/jquery-1.3.2.min.js” type=”text/javascript”></script>
Note the // instead of http:// or https://. This will cause your assets to be fetched using the same protocol as the site.
Laravel has a helper function for secure assets: secure_asset()
http://laravel.com/docs/5.1/helpers#method-secure-asset
I don't really understand the differences between HTTP and HTTPS except that HTTTPS encrypts the data transmission (I think, correct me if I am wrong). Now, I am about to get my Facebook Page Tab up and running. For this I need my Tab URL at my CakePHP app also to be accessible over HTTPS. How do I do that in CakePHP? Just writing an HTTPS instead of just HTTP in the URL doesn't do the job.