Get 2024 Templates Mega Bundle!14 Bootstrap, Vue & React Templates + 3 Vector Sets
Get for 99$

metronic_laravel_v8: HTTPS website but login at HTTP


Hello,

Trying to install: metronic_laravel_v8.2.0_demo1

I got this error at the browser console:
"Mixed Content: The page at 'https://www.xxxxx/login' was loaded over a secure connection but contains a form that targets an insecure endpoint 'http://www.xxxx/login'. This endpoint should be made available over a secure connection."

At the .env file, I have:
...
APP_ENV=production
APP_URL=https://www.xxx
ASSET_URL=https://www.xxx/
...

I run the website at an Nginx server, port 80, and have the access forwarded from an HAproxy at https://www.xxx where the SSL is installed.

This same HAproxy setup runs fine for several other applications.

How can I make the login form post at the https URL?

Thanks.


Text formatting options
Submit
Here's a how to add some HTML formatting to your comment:
  • <pre></pre> for JS codes block
  • <pre lang="html"></pre> for HTML code block
  • <pre lang="scss"></pre> for SCSS code block
  • <pre lang="php"></pre> for PHP code block
  • <code></code> for single line of code
  • <strong></strong> to make things bold
  • <em></em> to emphasize
  • <ul><li></li></ul>  to make list
  • <ol><li></li></ol>  to make ordered list
  • <h3></h3> to make headings
  • <a></a> for links
  • <img> to paste in an image
  • <blockquote></blockquote> to quote somebody
  • happy  :)
  • shocked  :|
  • sad  :(

Replies (3)


I added this to AuthServiceProvider.php and AppServiceProvider.php and at a middleware:


public function boot()
{

\Illuminate\Support\Facades\URL::forceScheme("https");
}


This solves the pre-login error.

But after login, it redirects to a http page: http://www.xxxx/dashboard , and popup an insecure XMLHttpRequest endpoint alert.

The issue is that Laravel sees the request as http because of the HAproxy, and ignores any https configuration.



Solved with this solution:

<head>
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
</head>


From here: https://medium.com/geekculture/mixed-content-the-page-at-xxx-was-loaded-over-https-but-requested-an-insecure-yyy-95086e0293f7



I apologize for the delay in response. It's great to hear that you've found a solution to the issue. Your solution could be beneficial to others facing a similar problem. Thank you for sharing, and if you have any more questions or encounter any further issues in the future, please don't hesitate to reach out.


Text formatting options
Submit
Here's a how to add some HTML formatting to your comment:
  • <pre></pre> for JS codes block
  • <pre lang="html"></pre> for HTML code block
  • <pre lang="scss"></pre> for SCSS code block
  • <pre lang="php"></pre> for PHP code block
  • <code></code> for single line of code
  • <strong></strong> to make things bold
  • <em></em> to emphasize
  • <ul><li></li></ul>  to make list
  • <ol><li></li></ol>  to make ordered list
  • <h3></h3> to make headings
  • <a></a> for links
  • <img> to paste in an image
  • <blockquote></blockquote> to quote somebody
  • happy  :)
  • shocked  :|
  • sad  :(
Text formatting options
Submit
Here's a how to add some HTML formatting to your comment:
  • <pre></pre> for JS codes block
  • <pre lang="html"></pre> for HTML code block
  • <pre lang="scss"></pre> for SCSS code block
  • <pre lang="php"></pre> for PHP code block
  • <code></code> for single line of code
  • <strong></strong> to make things bold
  • <em></em> to emphasize
  • <ul><li></li></ul>  to make list
  • <ol><li></li></ol>  to make ordered list
  • <h3></h3> to make headings
  • <a></a> for links
  • <img> to paste in an image
  • <blockquote></blockquote> to quote somebody
  • happy  :)
  • shocked  :|
  • sad  :(