I recently downloaded an SSL certificate from zeroSSL.com and set it up in my Heroku CLI. Now the website still uses HTTP but it shows that an SSL certificate has been added on heroku.
If Heroku shows that the certificate was added, it should be available. Can you successfully browse to your site using HTTPS?
Note that Heroku doesn't redirect from HTTP to HTTPS for you. They recommend that you do that in application code:
Redirects need to be performed at the application level as the Heroku router does not provide this functionality. You should code the redirect logic into your application.
That page has several examples for how to redirect using common languages and frameworks. I'm not sure what you're using, but I suggest you start there.
Related
I've read a lot of questions and answers about this topic, but nothing I've seen has helped. I have web app with a node/express backend and an aurelia client. It's one of three I have running in the same subdomain. One of the others has a certificate and the other doesn't. Both of them work perfectly. The new app doesn't have a certificate, but it insists on redirecting all requests to https.
In chrome I've deleted the domain security policy and cleared my cache and I get the same result. It doesn't matter which browser I use. I've even tried a browser I've never used to access the app with a certificate and I get the same result.
The server code is essentially the same as for the app which doesn't use a certificate.
I'd appreciate any suggestions.
Ross
I have a heroku app set up on a .app TLD, and a custom domain through GoDaddy.
What I would like is to have something like this:
myapp.example.com resolves to my app, and does not redirect.
What I am currently experiencing is:
myapp.example.com redirects (with a 307) to my-example-app.herokuapp.com
What I have done:
Following the Heroku guide for custom domains, I've done heroku domains:add myapp.example.com -a my-example-app and also added a cname to though the Godaddy UI for my domain.
CNAME myapp some-heroku-dns-somehash.herokudns.com
Any help, advice or pointers would be appreciated.
Edit: The 307 redirect is just due to the app redirecting to /sign-in. The issue that I am trying to resolve is using the custom domain, and not the heroku domain.
The 307 redirect is just due to the app redirecting to /sign-in.
This causes me to think that your application thinks it should build URLs using the Heroku domain instead of the custom domain.
Does your application have a place where its domain is configured? You might just need to update that setting so it can build own URLs using the proper domain.
I'm trying to integrate facebook login into an app just for learning purposes but it seems that facebook made some changes recently that allows only https.
Here's the error when I try to log in with facebook:
Insecure Login Blocked: You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https://
Some people suggested to go to Facebook Login -> Settings and disable 'Enforce HTTPS for Web OAuth Login'. However, it seems that the recent update on facebook disabled this option.
Anyone found a work around this problem?
Enforce HTTPS
This setting requires HTTPS for OAuth Redirects and pages getting access tokens with the JavaScript SDK. All new apps created as of March 2018 have this setting on by default and you should plan to migrate any existing apps to use only HTTPS URLs by March 2019. Most major cloud application hosts provide free and automatic configuration of TLS certificates for your applications. If you self-host your app or your hosting service doesn't offer HTTPS by default, you can obtain a free certificate for your domain(s) from Let's Encrypt.
I provisioned a server using forge and set the domain to blog.example.com. And I generate a LetsEncrypt certificate for that server and set the site to run on http2. It was perfectly fine.
However, I need to make the server accessible via www.blog.example.com now. So I set a CNAME record to route www.blog to blog.example.com. But I got an error This site can’t provide a secure connection when I try to access the site via www.blog.example.com. So I try to generate a new certificate for www.blog.example.com but forge reply First domain does not match root domain on site.
How can I solve the problem?
Thank you.
I have set up a Parse Server on Heroku, with an MLab MongoDB. Everything works fine, & when I visit https://myapp.herokuapp.com I see "Make sure to star the parse-server repo on GitHub!".
I can successfully perform API functions through my Postman Console, for example logging in via the following REST API call: https://myapp.herokuapp.com/parse/login?username=admin&password=password.
I can also perform other REST API POST, GET, etc. as you would expect.
I'm now trying to use my own domain "api.mydomain.net". In the Heroku App > Settings > Custom Domains, I have set domain to "api.mydomain.net" & "myapp.herokuapp.com" as the DNS target.
I've also added a CNAME record to the DNS pointing "api" to "myapp.herokuapp.com".
When I visit https://api.mydomain.net I see the "Make sure to star the parse-server repo on GitHub!" message confirming that the CNAME record works, however when I go to perform the same REST API Login call https://api.mydomain.net/parse/login?username=admin&password=password I get the response:
Could not get any response.
This seems to be like an error connecting to
https://api.mydomain.net/parse/login?username=admin&password=password.
What am I missing?
You are trying to securely connect to the Parse Server with https. So you have to add a TSL certificate for your Heroku app in the Heroku dashboard.
Open Heroku app in Heroku dashboard
Open Settings tab
In section Domains and certificates click Configure SSL and choose Automatically configure using Automated Certificate Management.
Click Add domain to add the domain from which the request should be forwarded, e.g. api.example.com.
On your domain registrar's website set the CNAME for api.example.com to the domain in the Heroku app settings, e.g. api.example.com.herokudns.com
Wait until the status of the domain in the Heroku dashboard is Done