I have migrated my laravell 7 sites to a new host site is displaying all data but CSS, JS and Route not working in chrome console it is showing err with Failed to load resource: net::ERR_CONNECTION_REFUSED all URL of assets and routes are using https, how to disable https and use http?
You can use as middleware.
URL::forceScheme('http');
The problem was resolved by commenting below code in htaccess
Header always set Content-Security-Policy: upgrade-insecure-requests
Related
I have a Laravel+Vue app that I successfully installed on Heroku and Laravel part works here (https://shoomilka-todoapp.herokuapp.com/), but my Vue code for this application doesn't want to work. Code you can see here https://github.com/shoomilka/todoapp.
Can you help me, please to fix the error of why Vue doesn't work on Heroku?
It works on local environment well.
Try inspect your website and look at the console tab. you will see this error.
Mixed Content: The page at 'https://shoomilka-todoapp.herokuapp.com/'
was loaded over HTTPS, but requested an insecure script
'http://shoomilka-todoapp.herokuapp.com/js/app.js?time=1590194712'.
This request has been blocked; the content must be served over HTTPS.
If your website delivers HTTPS pages, all active mixed content delivered via HTTP on this pages will be blocked by default.
The best strategy to avoid mixed content blocking is to serve all the content as HTTPS instead of HTTP. you can use laravel secure_assets method this generates a URL for an asset using HTTPS
<script src="{{ secure_assets('js/app.js') }}?time={{ time() }}"></script>
or simply just set 'url' => 'https://youDomain.com' in config/app.php and .env APP_URL=https://yourDomain.com
I have an issue on my website.
When I accessed the website by IP everything is good but when I access the website by domain name I got this error:
Mixed Content: The page at `<URL>` was loaded over HTTPS, but
requested an insecure stylesheet `<URL>`. This request has been
blocked; the content must be served over HTTPS.
https://141.105.67.4/en/games
https://g11games.com/en/games
Can you please help to solve this issue.
As the error states, you website is being loaded via https, but the scripts contained within the website, are being loaded via http. Likely, in your config, you have set APP_URL to point the http URL, so all assets on your website are using that as the base URL. Changing that to HTTPS should resolve the errors.
fixed by adding
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
I had some problems to set a correct cors header for using external resource in my wordpress installation. I have a subdomain which exposed by another domian name.
I've got following error by using some plugin which load resources from my website by using an ajax call:
XMLHttpRequest cannot load [resource-URL] No 'Access-Control-Allow-Origin' header
I created a .htaccess file in the root directory of my subdomain.The file content is:
Header set Access-Control-Allow-Origin "sub.site.com"
I read in many blogs that you should use
Header set Access-Control-Allow-Origin "*"
but i guess that is a bad idea.
I have problem with https. In console I have
Mixed Content: The page at 'https://home.pl/pl/' was loaded over HTTPS, but requested an insecure image 'http://home.pl/img/cms/home.png'. This content should also be served over HTTPS.
The console "shows" the solution. You should serve the home.png with https, so the correct url should be https://home.pl/img/cms/home.png
In the .tpl use this snippet to check if is active the SSL mode in backoffice.
For example.
For the link:
My link
For images:
<image src="http{if Tools::usingSecureMode()}s{/if}://home.pl/img/cms/home.png">
I'm attempting to load Google Fonts and an image over HTTPS, but they keep loading over HTTP, despite changing the path to "https" in all of the assets.
Mixed Content: The page at 'https://' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Roboto:400,100,100italic,300italic,300,400italic,500,500italic,700,700italic,900,900italic'. This request has been blocked; the content must be served over HTTPS.
Mixed Content: The page at 'https://' was loaded over HTTPS, but requested an insecure image
'http://farm6.staticflickr.com/5267/5783999789_9d06e5d7df_b.jpg'. This content should also be served over HTTPS.
You can use protocol related url like this:
'//fonts.googleapis.com/css?family=Roboto:400,100,100italic,300italic,300,400italic,500,500italic,700,700italic,900,900italic'.
Also, do not forget to run
rake assets:precompile
before pushing to heroku.
For people who are facing similar troubles using laravel {{HTML::style('css/style.css')}} and {{HTML::script('js/script.js')}} can simply make the HTMLBuilder secure by modifying the statements to
{{HTML::style('css/style.css',array(),true)}} and
{{HTML::script('js/script.js',array(),true)}}
where 'true' insists that the content are severed secure or over HTTPS