https://twill.io logo
Join Discord
Powered by
elkex - I deployed my application to our produc...
# ❓questions
e
I deployed my application to our production server, but every time I want to save a record, I get an error requests need to be send over HTTPS instead of HTTP.. the ENV has https in the domain & admin_url, I also forces https in my AppServiceProvider and also in my public .htaccess.. What else can be done?
k
Is your SSL cert valid?
e
Yes, it should be..
i
is your production server behind a CDN or proxy?
e
I think one or the other could be the case since the server is very secured..
The CMS seems to use PUT requests, is there a way to avoid that?
@ifox are some requests being sent over HTTP instead of HTTPS of the CMS?
i
no, your Laravel app is responsible for outputting URLs depending on the incoming protocol, twill doesn't do anything playing into that
e
It all says HTTPS, but it still makes HTTP calls, so weird...
All calls are relative to the APP_URL variable in .env file.. Everything has HTTPS, I have no clue where the HTTP calls can come from
I already force all URL's over HTTPS
It also shows

https://cdn.discordapp.com/attachments/1102928094689493094/1110158091380600832/Screenshot_2023-05-22_at_12.51.46.png

i
yeah it shows that because you have http urls on a page loaded with https, this is your browser, not twill. APP_URL in practice actually doesn't impact your problem, it is only used by Laravel in the console context. In a network request context, Laravel reads from the request itself to determine if it should use https or not. Forcing https is not a perfect workaround, as you can see it doesn't always work. You need to look into how the request gets into your Laravel application. How did you get the SSL certificate? Which web server are you using?
e
That's what I've been thinking too unfortunately but they keep referring to the Laravel installation, which does not make any sense in my opinion because on our test server it works as a charm
The SSL certificate ends with F5 and redirects through port 80
Web server is APache
i
that's your problem, it goes through port 80. now this isn't a blocker. Usually the web server sends a header indicating the protocol, that's what Laravel TrustProxies middleware is for.
e
I implemented this trustproxies method, but unfortunately it does not seem to do anything differently, content is still not saving..
i
but you don't have the "the form is not secure" tooltips anymore right? what is the error when saving? is it about your previous question regarding the PUT method?
e
The requests still seem PUT requests, but the problem is dat once the content is in blocks, it is not saving..
On the settings section the content saves, but on model instances etc it does not save the content and I cannot seem to figure out why
Nor delete pages or whatsoever.. I can create pages but not seem to be able to delete them or whatsoever
Weirdest thing.. Never had this before..
i
what is the error in the network tab?
e
No error

https://cdn.discordapp.com/attachments/1102928094689493094/1110203566221688932/Screenshot_2023-05-22_at_15.52.28.png

If I remove all mt HTTPS redirections I get this

https://cdn.discordapp.com/attachments/1102928094689493094/1110203908011343922/Alef_Admin.png

This is what console says

https://cdn.discordapp.com/attachments/1102928094689493094/1110204666215678004/Alef_Admin.png

I think these requests are over AJAX and I think that is the problem..
i
why would that be a problem? you are still having the same issue where you load an https page that tries to submit a form with http
so your trustproxies middleware is probably not configured correctly
e
The method from this article seems deprecated since TrustProxies now seems to be part of Laravel 8+...
The trustproxies is like this:
Copy code
php
<?php

namespace App\Http\Middleware;

use Illuminate\Http\Middleware\TrustProxies as Middleware;
use Illuminate\Http\Request;

class TrustProxies extends Middleware
{
    /**
     * The trusted proxies for this application.
     *
     * @var array<int, string>|string|null
     */
    protected $proxies = "*";

    /**
     * The headers that should be used to detect proxies.
     *
     * @var int
     */
    protected $headers =
        Request::HEADER_X_FORWARDED_FOR |
        Request::HEADER_X_FORWARDED_HOST |
        Request::HEADER_X_FORWARDED_PORT |
        Request::HEADER_X_FORWARDED_PROTO |
        Request::HEADER_X_FORWARDED_AWS_ELB;
}
i
well I just provided an article to help with your problem, I'm sorry it isn't up to date, but the laravel documentation is and 
$proxies = "*";
should let all proxies through. But you need to make sure which header your application is receiving and add it to 
$headers
if its not there.
e
No problem! I asked them what header. Thank you very much for continuing to debug this issue with me.
PreviousNext
Powered by