The Laravel application I set up is working flawlessly on my CentoS 7 dev server. Specifically: logging in and logging out with:
php artisan make:auth
However, when I move it to my live server, the "logout" function stops working. I click my logout button in Chrome,
<form id="logout-form" action="{{ route('logout') }}" method="POST" style="display: none;">
#csrf
</form>
it redirects to my login screen through my LoginController function,
public function logout(Request $request) {
Auth::logout();
return redirect('/login');
}
but when I type in a URL that is supposed to be secure, that URL loads. If I refresh the page, then it actually logs me out.
In Firefox, nothing happens at all when when the logout button is clicked on the blade.
Also, it may be worth noting that in Chrome on my dev server, the cookie set for the page has an Expires/Max-Age of 2hours from now (today)
2019-01-15....
which is correct.
In Chrome on my live server, the cookie Expires/Max-Age is
1969-12-31....
Save for my APP_URL, database credentials and mail server, my .env files are identical. I have changed nothing else -just uploaded the files. The rest of the functionality on the site works perfect.
I have tried many different configurations and searches and still no luck. Thank you for reading this.
It turns out on my live server in my .htaccess file, I was modifying the Cache-Control settings:
<IfModule mod_headers.c>
<FilesMatch ".(php)$">
Header set Cache-Control "max-age=86400"
</FilesMatch>
</IfModule>
Once I removed these lines, my Laravel app now works.
Related
I have a Laravel+Vue app that I successfully installed on Heroku and Laravel part works here (https://shoomilka-todoapp.herokuapp.com/), but my Vue code for this application doesn't want to work. Code you can see here https://github.com/shoomilka/todoapp.
Can you help me, please to fix the error of why Vue doesn't work on Heroku?
It works on local environment well.
Try inspect your website and look at the console tab. you will see this error.
Mixed Content: The page at 'https://shoomilka-todoapp.herokuapp.com/'
was loaded over HTTPS, but requested an insecure script
'http://shoomilka-todoapp.herokuapp.com/js/app.js?time=1590194712'.
This request has been blocked; the content must be served over HTTPS.
If your website delivers HTTPS pages, all active mixed content delivered via HTTP on this pages will be blocked by default.
The best strategy to avoid mixed content blocking is to serve all the content as HTTPS instead of HTTP. you can use laravel secure_assets method this generates a URL for an asset using HTTPS
<script src="{{ secure_assets('js/app.js') }}?time={{ time() }}"></script>
or simply just set 'url' => 'https://youDomain.com' in config/app.php and .env APP_URL=https://yourDomain.com
I need help on setting up the laravel backpack on live server.
So at first i got trouble loading the asset since it used http for the image and css
http://example.com/images/ and http://example.com/css/
I can solve that problem using this code I got
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
The assets are loaded correctly (it shows https://example.com/images/... when i inspeced it)
But somehow some crucial contents are not loaded with https, here's the screenshot:
With the error
Access to XMLHttpRequest at 'http://example.com/admin/elfinder/connector' from origin 'https://example.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
Here's the code of the error
<!-- This file is used to store sidebar items, starting with Backpack\Base 0.9.0 -->
<li>
<a href="{{ backpack_url('dashboard') }}">
<i class="fa fa-dashboard"></i>
<span>{{ trans('backpack::base.dashboard') }}</span>
</a>
</li>
There are several thing that didnt't get updated to https as well such as some CSS(from the vendor/crud), scripts, the post method, and the logo
I think that I can copy paste the meta tag to the backpack_url, but I have no idea where is it or how it works.
I am very new to this, any suggestion is appreciated
Thanks!
It looks like your Laravel installation think that you are running on a HTTP server, while the client's request was made over HTTPS
These issues generally happen as a result of having a proxy in front of Laravel.
As a first point of call, ensure that your trusted proxy configuration is correct. This will cause Laravel to trust the X-Forwarded-Protocol header, and intern to generate the correct https URLs.
If you can't get the proxy configuration working, you can always force https URL generation by adding this in your AppServiceProvider
if($this->app->environment('production')) {
\URL::forceScheme('https');
}
I'm embellishing Laravel's 404 page (ressources/views/erros/404.blade.php). But, I can't load my CSS and JS files, which are, in my public folder.
Actually, Laravel is returning me localhost/css/bootstrap.css when it should return me localhost/myproject/public/css/bootstrap.css with {{ URL::asset('css/bootstrap.css') }}. While it's returning me localhost/myproject/public/css/bootstrap.css when I'm on another view (with the same code: {{ URL::asset('css/bootstrap.css') }}) on my home page wich is perfectly working.
By the way, I'm using Laravel 5.3.
Thanks in advance <3
Configure your webserver so the root of domain (localhost) points to public/ -folder.
Vagrant-solution like Homestead would probably make setting up the development-environment easier for you.
I have just set up a Magento store and eveything is working fine, except for a problem in the catalog search URL.
When I go to the checkout page, everything is loaded in HTTPS, except for the catalog search URL, which makes chrome give a warning saying that there's mixed content in the page. When I check the source code, it says:
<form id="search_mini_form" action="http://XXXX/catalogsearch/result/" method="get">
But that only happens when the user is not logged in (or a first time customer). Once the user is logged in, the URL is loaded properly:
<form id="search_mini_form" action="https://XXXX/catalogsearch/result/" method="get">
Any idea on why this could be happening?
Thanks!
I know it's not the complete solution, and I have no idea why this is happening also on my store - but a temporary "patch" would be to open:
app/design/frontend/fogento/default/template/catalogsearch/form.mini.phtml
and manually modify the first line of the form element to use the secure url including https.
For example:
<form id="search_mini_form" action="https://www.yoursite.com/catalogsearch/result/" method="get">
This will give you the green address bar in chrome.
I am gonna try my best to describe our problem. Hopefully someone way smarter than us can figure this out. One of our Joomla sites has some content that requires login, simple enough right? The normal login functionality works great. Once logged in we could see the locked down content. But lets say we have a direct link to a "locked" page, once logged in, the page redirects to the homepage (index.php).
Natively Joomla 2.5 should retain the origin link, and redirects to that link, not back to index.php. So if my link was homepage.com/k2item1, after login it should go to k2item1 not index.php. I have tried turning off all modules and plugins just in case something is overriding the native login functionality from links. I have checked the .htaccess file for redirects. I have tried both settings in SEO settings "Use URL rewriting", Yes/NO doesn't matter. I have tried renaming the override folder (html) in our template folder, so no overrides should happen. Nothing. The link still redirects back to index.php. I have even tried printing out the form/user object to see if the origin link was there, aka "return", and the link is in there, but after login, still index.php instead of the string "return". Any ideas will be greatly appreciated. Maybe there are plugins out there that would help ensure links do not redirect to home page?
Override the component: mod_k2_user/login.php and edit the hidden input name "return".
<input type="hidden" name="return" value="<?php echo base64_encode(JURI::current()) ?>" />