I am running a laravel project on nginx server. On a subpage I try to inject some code by SSI like this:
location /path/ {
subs_filter_types text/html;
subs_filter '</head>' '<!--#include virtual="/another/url"--></head>' i;
ssi on;
}
The injected code is not that I would expect at /another/url/. Instead the whole website /path/ is getting injected. I guess that the laravel router is still routing to the given location.
When I open my-server.com/another/url/ I get the content to inject, but when I try to inject the content at /path/, the content of my-server.com/path/ will be injected.
Is the SSI request still having the inital request location? Could it be, that laravel router is it routing wrong then?
Related
Hello … l am finish Building website using Laravel and jQuery and bootstrap it's working good in local but when I upload to Heroku the file jQuery and bootstrap not working … it's work in local using http but in Heroku its need https its not working but when write http substitute of https it's working good like local and display Not Secure .. now any body know how can i allow website using https in Heroku or How can selection this problem
You should closely read all of Heroku's guide to getting started with Laravel.
The section titled "Trusting the Load Balancer" will resolve your issues.
Because of this:
This means that requests received by a dyno will have the last router’s IP address in the REMOTE_ADDR environment variable, and the internal request will always be made using the HTTP protocol, even if the original request was made over HTTPS.
Laravel sees HTTP requests coming in to the application, so it serves HTTP URLs for your various routes and asset URLs. As far as it knows, you're browsing via HTTP. The fix is to trust Heroku's "forwarded for" headers in your app's App\Http\Middleware\TrustProxies middleware:
<?php
namespace App\Http\Middleware;
use Illuminate\Http\Request;
use Fideloper\Proxy\TrustProxies as Middleware;
class TrustProxies extends Middleware
{
protected $proxies = '*';
protected $headers = Request:: HEADER_X_FORWARDED_AWS_ELB;
}
Had this issue myself awhile back, there are a few options and some are more heavy handed than others. If you want to gauruntee that everything is always https no exceptions first update your APP_URL to 'https://example.com' then in the boot method of your AppServiceProvider add Url::forceScheme('https');
The less heavy handed option is to find all of the places you use the asset() helper and change it to secure_asset instead. The asset helper should use your APP_URL to know the request is https but in my experience I couldn't rely on that so use secure_asset to make sure
Hello … l am finish Building website using Laravel and jQuery and bootstrap it's working good in local but when I upload to Heroku the file jQuery and bootstrap not working … it's work in local using http but in Heroku its need https its not working but when write http substitute of https it's working good like local and display Not Secure .. now any body know how can i allow website using https in Heroku or How can selection this problem
You should closely read all of Heroku's guide to getting started with Laravel.
The section titled "Trusting the Load Balancer" will resolve your issues.
Because of this:
This means that requests received by a dyno will have the last router’s IP address in the REMOTE_ADDR environment variable, and the internal request will always be made using the HTTP protocol, even if the original request was made over HTTPS.
Laravel sees HTTP requests coming in to the application, so it serves HTTP URLs for your various routes and asset URLs. As far as it knows, you're browsing via HTTP. The fix is to trust Heroku's "forwarded for" headers in your app's App\Http\Middleware\TrustProxies middleware:
<?php
namespace App\Http\Middleware;
use Illuminate\Http\Request;
use Fideloper\Proxy\TrustProxies as Middleware;
class TrustProxies extends Middleware
{
protected $proxies = '*';
protected $headers = Request:: HEADER_X_FORWARDED_AWS_ELB;
}
Had this issue myself awhile back, there are a few options and some are more heavy handed than others. If you want to gauruntee that everything is always https no exceptions first update your APP_URL to 'https://example.com' then in the boot method of your AppServiceProvider add Url::forceScheme('https');
The less heavy handed option is to find all of the places you use the asset() helper and change it to secure_asset instead. The asset helper should use your APP_URL to know the request is https but in my experience I couldn't rely on that so use secure_asset to make sure
I'm working on a Laravel project (an API) and I have a problem with a custom param in the request header.
I need to send a token in the request header, so I just add a param api_token in my request.
When I am on my local configured with apache2, I can in Laravel get my header request param with $request->header('api_token'), but when I tr on my server configured with nginx, I always get null
For me, there is a problem with nginx and header request, what can I do ?
Any ideas ? Maybe it's not from nginx...
That's because by default Nginx does not allow header with an underscore. You can simply update your header parameter to api-token:
$request->header('api-token');
Or you can configure your Nginx configuration to allow header with an underscore. Somewhere between your server block, add underscores_in_headers directive like this:
server {
...
underscores_in_headers on;
...
}
Also don't forget to reload your Nginx configuration. Read more about this underscores_in_headers directive here.
Hope this solve your issue.
I have a simple application (server side is Sinatra, client side is ReactJS).
The workflow is very basic: Sinatra handles get "/" request and sends an index.html to the client with static stylesheet and scripts.
Scripts are ReactJS app which consists of several components and a ReactRouter. Each React's component is a distinct "page" with its own route/path in terms of the ReactRouter.
For example:
"/" => "index.html" (real html page with renered components
inside),
"/form" => (ReactRouter points to component <Form/>, in fact render happens inside selector of "index.html"),
"/finish" => (ReactRouter points to component <Finish/>, in fact render happens inside selector of "index.html").
While I was implementing client side only, it worked pretty well. But now, when I am trying to use Sinatra for the server side stuff this is broken: when I want to go to the /form I am getting Sinatra's default 404 page ("Sinatra doesn’t know this ditty.").
I understand that Sinatra (or Rack) intercepts the request's path (/form of /finish) before the ReactRouter. But I cannot understand how to fix it (and why is it so, while router script is already on the client and should fire first).
Thanks for your help.
Use wildcard route to return index.html to all route.
Something like this:
get '/*' do
#return index.html
end
AWS Elastic Load Balancer listening through HTTPS (443) using SSL and redirecting requests to EC2 instances through HTTP (80), with IIS hosting a .net webapi application, using swashbuckle to describe the API methods.
Home page of the API (https://example.com) has a link to Swagger documentation which can bee read as https://example.com/swagger/ui/index.html when you hove over on the link.
If I click on the link it redirects the request on the browser to http://example.com/swagger/ui/index.html which displays a Page Not Found error
but if I type directly in the browser URL https://example.com/swagger/ui/index.html then it loads Swagger page, but then, when expanding the methods an click on "Try it out", the Request URL starts with "http" again.
This configuration is only for Stage and Production environments. Lower environments don't use the load balancer and just use http.
Any ideas on how to stop https being redirected to http? And how make swagger to display Request URLs using https?
Thank you
EDIT:
I'm using a custom index.html file
Seems is a known issue for Swashbuckle. Quote:
"By default, the service root url is inferred from the request used to access the docs. However, there may be situations (e.g. proxy and load-balanced environments) where this does not resolve correctly. You can workaround this by providing your own code to determine the root URL."
What I did was provide the root url and/or scheme to use based on the environment
GlobalConfiguration.Configuration
.EnableSwagger(c =>
{
...
c.RootUrl(req => GetRootUrlFromAppConfig(req));
...
c.Schemes(GetEnvironmentScheme());
...
})
.EnableSwaggerUi(c =>
{
...
});
where
public static string[] GetEnvironmentScheme()
{
...
}
public static string GetRootUrlFromAppConfig(HttpRequestMessage request)
{
...
}
The way I would probably do it is having a main file, and generating during the build of your application a different swagger file based on the environnement parameters for schemes and hosts.
That way, you have to manage only one swagger file accross your environments, and you only have to manage a few extra environnement properties, host and schemes (if you don't already have them)
Since I don't know about swashbuckle, I cannot answer for sure at your first question (the redirect)