It's so strange that the POST API routes doesn't work!
Check this simple POST route in api.php:
// This route doesn't work!
Route::post('/test', function (Request $request) {
return 'test';
});
It gives me this error: Symfony\\Component\\HttpKernel\\Exception\\MethodNotAllowedHttpException!
But if I change the request verb to GET, then both GET and POST work just fine!!! It's making me crazy!
// This route works on both, GET and POST!
Route::get('/test', function (Request $request) {
return 'test';
});
And yes, as you know the API routes simply don't use the VerifyCsrfToken middleware. So the middleware is not the issue obviously! And php artisan cache:clear is not also the answer :(
Did anybody had the same problem? Any help would be so appreciated.
Oh yea! As #patricus also mentioned in comments, I was experimenting a stupid redirect without knowing it! Let me clear this for anyone else who is experienicng the same thing and don't know where this issue is coming from!
You need to make sure the URL that you're connecting to is not going to be redirected behind the scenes whatsoever...
e.g. in my own hosting panel, I have set to add WWW in all of my URLs... So when I was trying to access the https://example.com/app/public/api/test URL by POST method, I was getting the MethodNotAllowedHttpException error! Because my URL was redirecting to https://www.example.com/app/public/api/test and in redirection it will change to GET! And as I didn't set any GET routes... So obviously I was getting the MethodNotAllowedHttpException exception :)
That's stupid, right? Yea, I know! Also make sure if your app is on a SSL domain, always connect to https:// instead of http://. Because it is not only secure but also a redirection may happen again, without you knowing it! How? By your own .htaccess file that you have changed or your hosting support has changed it for you and you don't remember (check this answer as well):
# Let's force using SSL on all of our URLs and also forbid non-secure POSTs
RewriteEngine On
# Forbid non-secure POSTs
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_METHOD} =POST
RewriteRule ^ / [F,L]
# Force SSL
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Or by services such as CloudFlare, which help you be more secure and redirects all of your URLs from http:// to https:// if you have set this setting in your CloudFlare panel and again you don't remember that!
Related
I have searched and search to no avail. If there is already an answer out there, please let me know.
But I am trying to redirect wildcard subdomains to a specific file with a GET request. At the same time need to redirect to https and non WWW
For Example:
http://user1.example.com -> https://example.com/index.php?user=user1
https://user2.example.com -> http://example.com/index.php?user=user2
Any help will be forever grateful and thank you in advance!
Try with below rule,
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(.*)\.example.com
RewriteRule ^ %{REQUEST_SCHEME}://example.com/index.php?user=%1 [R=302,END]
I am slightly unsure that request scheme will work in lower version of apache let me know the result.
Currently I have my ssl forced on a pages where it is needed and it works great.
Problem is on all other pages user can click in address bar and add "https" causing some pages to load with error about mixed content etc.
Same happens if someone visits page with https link.
How can I use either worpress functions.php or htaccess file to force specific page URL to always use non-ssl version of website?
Edit:
I just don't see how suggested duplicate is a duplicate. There is no example of any htaccess code and post author seems to mention he managed to create some solution but without code this does not help me.
What I need is what would seem simple redirect like
https://domain.com/page1 -> http://domain.com/page1
Shouldn't something like that be possible with either htaccess or just wordpress functions.php?
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} ^/someurl
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]
above seemed to work for me.
Redirects from https to http just for /someurl
I created my own login page and social media (Facebook) with Codeigniter 2.1.2, then I wanted to use url redirect, for example:
http://mydomain.com/account/login/redirect_url/login/http://mydomain.com/
1- redirect_url // is a Method in account controllers
2- login // parameter define login or logout,when click link login/logout
3- http://mydomain.com/ // Is the url for redirecting to, after login succeed.
In my localhost it's working well, but on my server it's not working. I know some reasons why does it work, because of .htaccess file
Local:
RewriteRule ^(.*)$ ./index.php/$1 [L,QSA]
Server:
RewriteRule ^(.*)$ ./index.php?/$1 [L,QSA]
I think that, cause by Question mark(?), Even facebook login is not working also. But I tried the code without ? on the server, but it doesn't work at all, if I use ? works all, but url only.
My question is what should I do with this code?
I have noticed that many CodeIgniter developers are not using the standard method that many sites use today.
Try this:
RewriteRule ^ index.php [L, QSA]
In essence, you'll find that there are many ways to do it, but I don't think that you really need to use the ./ and the $1.
I guess it also depends on what server system you are using.
Hope this helps. If not, perhaps you could show us your entire hypertext access file (.htaccess)?
How do I force HTTPS for certain parts of a site, e.g. a login page or register page, and use HTTP for the rest of the site?
My favorite convert to https forcing method is to put this as the first thing in your php script. It works in Joomla, and may very well work in CakePHP.
if( $_SERVER['SERVER_PORT'] == 80) {
header('Location:https://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']).'/'.basename($_SERVER['PHP_SELF']));
die();
}
This snippet will force https on whatever page you are viewing. If you want to isolate certian pages, just put some conditions based on the information in the "$_SERVER['PHP_SELF']" variable.
Otherwise, modify the .htaccess file, assuming your host allows you access to this:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} somefolder
RewriteRule ^(.*)$ https://www.domain.com/somefolder/$1 [R,L]
I did the exact thing with CodeIgniter. I'm not totally familiar with CakePHP but I'm sure the process is similar.
I setup apache to point SSL and non-SSL traffic to the same directory.
Then I created an array in the config that listed which controllers needed to have SSL (register, login, etc)
Then created a function in an autoloaded helper that checked to see if the current controller was in that array and then it would reset the base_url with https:// instead of http://. If the controller wasn't in the array, it would force the base_url to http://.
Worked flawlessly for me. Let me know if code examples from my CodeIgniter project would be helpful.
Similar post that may help.
You may load the RequestHandler component and use the isSsl() function to determine if it is coming from a http or https, if !isSsl then redirect it to a https page :) else do whatever other thing you want.
book info of the isSsl function here
A better solution might be doing this with mod_rewrite with htaccess for certain Url's and leaving the code out of it all together.
You can setup your rewrite rules for just certain Url's.
Here is a lead on how to do it for an entire site:
http://www.besthostratings.com/articles/force-ssl-htaccess.html
Hey everybody, Im really confused about this problem. Ill try to describe it:
The problem is:
http://mydomain.com/somedir/somephp.php?arg1=value&arg2=http://otherdomain.com&arg3=http://othertoo.com/somepath/something... totally fails. With and without url encode.
My site reads in everything after mydomain.com/everything, except files and directories which are exists. I'm doing it with mod_rewrite:
Options -Indexes
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ handler.php
The query example above is landing at handler.php. If I comment out the RewriteRule, there will be an apache error:
Forbidden
You don't have permission to access /somedir/somephp.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Lots of testing etc, Ive figured out that there is a problem with the http://, or :// string in the url arguments.
But its coming in url encoded :S
This stuff should be an openId authentication system, and its fails at the postback, and I'm sure the url in the url argument makes this error.
I never meet this problem before, altougth, I did a lot of same thing.
The url encode thing must work.
Please help me!
Thanx!
I faced exactly the same problem. here
You will need to contact your hosting service provider. There are some rules that are conflicting with their .htaccess rules. So request them to whitelist your site from such rules.
Don't forget to include a url of the problem while reporting the issue to your webhosting provider.
I am pretty much sure that your problem will be solved once your site has been added to the whitelist of your service provider security rules.
My problem was solved when I reported the issue to my website hosting provider.
You could try encoding it with base64:
http://www.webtoolkit.info/javascript-base64.html
then decode it in the application.