metronic_laravel_v8: HTTPS website but login at HTTP
Hello,
Trying to install: metronic_laravel_v8.2.0_demo1
I got this error at the browser console:
"Mixed Content: The page at 'https://www.xxxxx/login' was loaded over a secure connection but contains a form that targets an insecure endpoint 'http://www.xxxx/login'. This endpoint should be made available over a secure connection."
At the .env file, I have:
...
APP_ENV=production
APP_URL=https://www.xxx
ASSET_URL=https://www.xxx/
...
I run the website at an Nginx server, port 80, and have the access forwarded from an HAproxy at https://www.xxx where the SSL is installed.
This same HAproxy setup runs fine for several other applications.
How can I make the login form post at the https URL?
Thanks.
Replies (3)
I apologize for the delay in response. It's great to hear that you've found a solution to the issue. Your solution could be beneficial to others facing a similar problem. Thank you for sharing, and if you have any more questions or encounter any further issues in the future, please don't hesitate to reach out.
Solved with this solution:
<head>
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
</head>From here: https://medium.com/geekculture/mixed-content-the-page-at-xxx-was-loaded-over-https-but-requested-an-insecure-yyy-95086e0293f7
I added this to AuthServiceProvider.php and AppServiceProvider.php and at a middleware:
public function boot()
{
\Illuminate\Support\Facades\URL::forceScheme("https");
}This solves the pre-login error.
But after login, it redirects to a http page: http://www.xxxx/dashboard , and popup an insecure XMLHttpRequest endpoint alert.
The issue is that Laravel sees the request as http because of the HAproxy, and ignores any https configuration.
