I don't really understand the differences between HTTP and HTTPS except that HTTTPS encrypts the data transmission (I think, correct me if I am wrong). Now, I am about to get my Facebook Page Tab up and running. For this I need my Tab URL at my CakePHP app also to be accessible over HTTPS. How do I do that in CakePHP? Just writing an HTTPS instead of just HTTP in the URL doesn't do the job.
Related
My VueJS/Laravel site is running https by default but somehow there is an endpoint that when called is still on http instead of https. This project wasn't developed by me and I have limited knowledge on Laravel. Nginx configuration seems to be fine, where would the issue be most probably? I'm not sure where to start looking. Somehow this app is able to run without having to use URL::forceScheme('https'); and again nginx seems to be good (since by default the site is already on https). Most parts of the api call https save to just one URL. Why does this happen?
The application are using vue components? If yes, so check into the components where the ajax is sending the URL and check if it is setting the URL endpoint with http.
Is recommended to set the URL endpoint domain variable into a .env file and call the URL endpoint domain variable into the URL endpoint param on ajax method.
On this way you has no risk of send a different URL endpoint.
I need to simulate from within an iframe in our site, which uses https and it's loaded only once upon the authentication on our site, the authentication into another site, which only uses http.
How can I do that?
We first tried loading into the iframe a page of our site from which the login form for the remote authentication is automatically submitted with javascript. This cannot be achieved because the http request from the form is blocked by the browser for security reasons. I must clarify that if we use http in our web too, the authentication is done without problems.
I'm not sure if using file_get_contents() will do the trick, because it's not a simple static page what we need to display. We need to keep any data from the remote login (cookies, etc) in the browser so that we can access other parts of the remote web (once I've signed in) from other places of our site. As far as I know, file_get_contents doen't provide any header.
Another alternative I've also considered is curl, using CURLOPT_RETURNTRANSFER=true and CURLOPT_HEADER=true and trying to manually set any cookies I get in the header. I'm not sure if keeping the session implies more actions though.
I have recently created a laravel project, and I am facing issues with it since I am trying to get it setup with SSL (Cloudflare).
What is the best way to redirect the user to the secured enviroment correctly in laravel 5?
Also, my CSS and JS are not beeing loaded in due to the fact that http is not allowed and my browser blocks the files from beeing loaded because they could be potential harmfull. (Which is not the case though, to be clear)
Can someone get me off the right track?
Redirecting your site users to a secure url (https://) should NOT be the job of the framework. This type of behavior should be handled on the DNS and A record level.
Redirecting from HTTP to HTTPS should be handled by the webserver.
Your assets are probably blocked because they are unencrypted (HTTP) on an encrypted site (HTTPS). You can solve that by using protocol relative URLs:
<script src=”//ajax.microsoft.com/ajax/jquery/jquery-1.3.2.min.js” type=”text/javascript”></script>
Note the // instead of http:// or https://. This will cause your assets to be fetched using the same protocol as the site.
Laravel has a helper function for secure assets: secure_asset()
http://laravel.com/docs/5.1/helpers#method-secure-asset
I am working with a site that builds XML files that are then posted to a RESTful interface. I have built the tool to generate the files and I would like to upload them to the RESTful interface. I am having a slight problem. It would be nice to POST the file using a form, but the "content-type" must be "application/xml" not "multipart/form-data", so that ruled out posting that way. Next, I figured I'd try to cURL the file, but that failed, too.
The RESTful interface requires the user's certificate in order to process data. That's because the interface keeps track of who is uploading based on their cert information. So, I was hoping to get help with one of two options
1) Post the data, and client certificates that are in the browser, to the RESTful interface using cURL
2) Process the data, set the headers properly and then somehow redirect the POST using the client's browser to the page. I know the page will authenticate a user if they go to the RESTful URL. So if I could somehow setup the page data as an "application/xml" and then tell the user's browser "Hey, redirect to this address and send this data"...
Suggestions?
I have a shared SSL certificate from my web host which (for this posts sake) looks like this:
https://some-ssl-cert/mysite
Going to that link would go to my site, and display it in https:// with a green padlock.
The normal site is http://
How do I display the main login for the website as https://?
Obviously I cannot tell or redirect my users to https://some-ssl-cert/mysite so I am very confused on how to implement this.
Lastly, when I need to send sensitive information on other pages that aren't https:// would I simply send that information to https://some-ssl-cert/mysite?
So for instance, if I needed to make a secure ajax request or something would I access the .php file via https://some-ssl-cert/mysite?
How do I display the main login for the website as https://?
You need an SSL certificate for the host name used for your site. You also need your host to support it.
Lastly, when I need to send sensitive information on other pages that aren't https:// would I simply send that information to https://some-ssl-cert/mysite?
If you need to send sensitive information, then you need to do it over HTTPS. If you are using plain HTTP then you need to redirect to the HTTPS site.
So for instance, if I needed to make a secure ajax request or something would I access the .php file via https://some-ssl-cert/mysite?
The entire webpage needs to be served over HTTPS. Otherwise:
It will be a cross-origin request and the ajax will fail (CORS/JSONP/et al excepted)
The non-secured page could be interfered with (e.g. JS added that would steal the securely acquired data).