Firefox force dev domains to use SSL as well as Chrome - laravel

Today when I woke up to continue my development process I got a Firefox update, and then I wasn't able to reach my localhost websites; they were redirecting to the HTTPS protocol.
We all know that Google did the same a while before, but as many of us mostly use Firefox, we (at least I) didn't care and continued our work with Firefox. Now that Firefox has decided to play with us (developers), here are some unanswered questions for me:
Questions
How do we add HTTPS to our localhost?
Should we buy an SSL certificate for our local environment?
How do I add SSL to my Laravel project on localhost?
What will happen if I develop an application with SSL and, when I move it to the host, my domain doesn't have SSL (will there be any conflict)?
Concerns
My main concerns are:
What if I don't want to buy an SSL certificate for my local environment and publish my projects' data (such as names etc.) to others (basically SSL companies)?
What if I develop with HTTPS and my live site is HTTP?
UPDATE
As I'm working on Windows and I'm also using Laragon (I don't know about MAMP, XAMPP etc.), here is how I solved my issue, but I'm still looking for answers to my other questions.
First of all I turned on my Laragon SSL certificate, then I changed my domains to pp; now my sites load like domain.pp
PS: I also tested the same way with .local, .test and .app; it didn't work, but pp worked.

You can also change the domain suffix.
just like
.localhost
.invalid
.test
.example

The folks that created DesktopServer (which I highly recommend over MAMP/XAMPP) registered the domain .dev.cc for local development use when Google did its thing with dev, which, as we all know, now requires https for local work when you use Chrome or Firefox. When you use DesktopServer to install a new instance of a site locally, DS will append the .dev.cc TLD which will only exist on your local computer. DesktopServer modifies all instances of .dev.cc to the correct production domain when you push your site to live. But, even if you don't use DS, you can use the .dev.cc domain.

Related

How to tell Firefox to trust "xxx.localhost" as a secure origin?

In the last week or so (approximately same timeframe as Firefox 75 release), local development of my example application (Rabbit) that uses auth0-spa-js has started failing in Firefox with the below error:
auth0-spa-js must run on a secure origin.
See https://github.com/auth0/auth0-spa-js/blob/master/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin
for more information.
Because of some problem I can't quite remember the details of, I've been using rabbit.localhost (with an entry in my hosts to resolve that host to 127.0.0.1) for my local development.
It seems that Firefox trusts "localhost" as a "secure origin", but not "*.localhost" type addresses. The ".localhost" address seems to work fine in Chrome.
The question:
Is there a way to get Firefox to accept a specific "xxx.localhost" as a secure origin?
For the moment, my workaround is to go back to using Chrome for local development.
This is now fixed in version 84:
https://news.ycombinator.com/item?id=25431563
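The host-name behaviour discussed in this thread and in the .dev/.app thread above, as an added example (not code from any of the posts): it classifies a development URL by whether its TLD is HSTS-preloaded (so browsers force HTTPS), whether the name is reserved for local use, and whether browsers treat it as a secure origin under the W3C Secure Contexts rules, which Firefox applies to `*.localhost` from version 84 as noted above. The function names and the short TLD lists are assumptions limited to names mentioned on this page.

```javascript
// Added example; names and lists here are illustrative assumptions.
// TLDs named on this page that ship on the browsers' HSTS preload list,
// so any http:// request to them is upgraded to https:// before it is sent.
const HSTS_PRELOADED_TLDS = new Set(["dev", "app"]);
// Special-use names (RFC 2606 / RFC 6761) that can never be registered.
const RESERVED_TLDS = new Set(["test", "localhost", "invalid", "example"]);

// Loopback hosts count as secure origins even over plain http.
function isLoopbackHost(host) {
  if (host === "[::1]") return true; // URL.hostname keeps the brackets
  const m = /^127\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (m) return m.slice(1).every((octet) => Number(octet) <= 255);
  return host === "localhost" || host.endsWith(".localhost");
}

function classifyDevOrigin(rawUrl) {
  const url = new URL(rawUrl);
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const tld = host.split(".").pop();
  const secureScheme = url.protocol === "https:" || url.protocol === "wss:";
  return {
    host,
    forcedHttps: HSTS_PRELOADED_TLDS.has(tld),   // browser rewrites http -> https
    reservedName: RESERVED_TLDS.has(tld),        // safe to use locally
    secureContext: secureScheme || isLoopbackHost(host),
  };
}

// Constructed sample URLs based on the host names mentioned in the threads.
const samples = [
  "http://rabbit.localhost:3000/",
  "http://myproject.app/",
  "http://myproject.test/",
  "https://myproject.test/",
  "http://site.dev.cc/",
];
for (const u of samples) console.log(u, classifyDevOrigin(u));
```

A name such as `myproject.test` avoids the forced HTTPS upgrade but is still not a secure origin over plain HTTP, so libraries that require one (like the auth0-spa-js check quoted above) need either a loopback name or a locally trusted certificate.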

Make Firefox forget a site was https

I do a bunch of testing of web server setups, and so I frequently change a given virtual host's default protocol from http to https and back.
Unfortunately, Firefox keeps remembering that a site used to be https and refuses to reconnect to it with http, at least for some after the last connection.
Is there a setting, or some stored value somewhere where I can make Firefox forget that it has ever seen this site before? I looked all over about.config and in the settings (I was looking for something rather similar to the "forget cookies" dialog) but came up empty.

Laravel Valet hosted sites return 'Site can't be reached' in Chrome

So I have been using Laravel's Valet feature for my Laravel project for a few weeks now without any problems.
I have updated my Mac OS today and found that my project cannot be reached within Chrome. What's weird is the problem only occurs in Chrome; I can access the site fine in Safari.
I get the following error in Chrome:
This site can’t be reached myproject.app refused to connect.
The site isn't using SSL so I don't think this is an SSL certificate issue as some people have suggested in other posts I have seen.
I have already checked and all Brew services are running.
Any ideas what this could be?
Try changing your domain from app to test:
valet domain test
Probs a little late on this and you probably found a solution but for others searching:
A little new thing with Chrome now: it always wants SSL and is mean about .dev for some reason.
So..
a. Use .test preferably (I see you're already using .app which should work fine!)
b. Use SSL. Simply go to the directory of your application in terminal and enter valet secure to make it use SSL.
c. Check you're not running a proxy or VPN in Chrome (spent 2h searching before realising my NordVPN Chrome extension automatically connected... that's how I found your question ^^')
Otherwise try ps aux | grep in terminal to check if your DNS is working. :)
Are you using a VPN? I had the same problem with ExpressVPN and I solved it by disabling "Only use ExpressVPN DNS servers while connected" from Advanced settings. The solution was posted here: https://github.com/laravel/valet/issues/527

Play Framework serve HTTPS content

I am a newbie at Play, and I am trying at least to use HTTPS on the login and sign up pages in order to have more security on sensitive user data.
I have a range of questions regarding this:
I have configured my Play application to use https in the application.conf file with the https.port property. However in my development environment I can't seem to start the server with https capability unless I use the command: play -Dhttps.port=<port>
Why does this happen? I would think that I could use a dev.conf (right now it is the application.conf) file in order to do this. Can't I start the server in dev mode while using this kind of setting specified in the configuration file?
Although I start the server with https capabilities, what is the correct way to use https on Play? I already created a Java key store that I use, and tried to redirect (from a controller) requests to an https url using redirect(securedIndexCall.absoluteURL(request, secure)). But it does not seem to work, at least in my dev environment (localhost). The logs specify exceptions like:
java.lang.IllegalArgumentException: empty text
java.lang.IllegalArgumentException: invalid version format: M¥å/=<junk characters continue>
Should I use https on the whole application, or just securing the login and sign up requests is sufficient?
I feel the official documentation provided is rather insufficient and I am at a loss here trying to figure out how I should do this.
Any help would be really appreciated!
I agree with Fernando, I think it's easier to set up a front end web server. In my case I used Lighttpd and it was fairly straightforward to set up. I'd recommend:
Configure Lighttpd as per these instructions (at this stage, don't worry about HTTPS just get HTTP working): http://www.playframework.com/documentation/2.3.x/HTTPServer
Then configure HTTPS in Lighttpd: http://redmine.lighttpd.net/projects/1/wiki/HowToSimpleSSL. If you intend on buying an SSL certificate then there will be a few more options to set (e.g. intermediate certificate). The following page has more information: http://redmine.lighttpd.net/projects/1/wiki/Docs_SSL
Answers to your main questions:
1) Enabling HTTPS in Play
Yes, you have to explicitly say you want to use HTTPS when starting up
http://www.playframework.com/documentation/2.3.x/ConfiguringHttps
2) The "java.lang.IllegalArgumentException" error message
There might be an issue with the keystore. This SO article seems to discuss in more detail: Play framework 2.2.1 HTTPs fails on connection attempt
3) SSL for login page or whole app
Personally, I would go for the whole app. If you're taking the time to set up HTTPS I think you might as well cover the whole site. I guess there are slight performance overheads in running HTTPS but realistically it's not something you'd notice.
You should use a front end server for HTTPS, and use HTTPS for the whole application.
Please see Setting up a front end HTTP server and see the commented out nginx settings.

How to identify computer which I have redirected

I have the following problem to solve:
A few months ago I started a website where you can watch YouTube videos which aren't available in your country. Everything works fine, but now I want to offer a new method where I route all the requests directly over my server. Therefore I will later use a custom DNS server. Right now I use the hosts file for testing, but I really have no idea how I can identify the user. I can prompt the user to log in on a website, but I want it to work systemwide, so if he uses a YouTube downloader, for example, it has to work there too and not only in the browser, where I could use a session system with cookies. I want a solution where the user can identify himself once in a while, like on a website or something like this, but how can my server detect whether this is a user who is logged in or not?
There are several ways that this could be accomplished with varying levels of difficulty.
A standard proxy server over https. Your service could simply be a proxy server and then every "client" would update their browser to point to your proxy server. You could also simplify this by using a proxy PAC file (proxy auto config).
An anonymizing interface. The end user would not be able to use their standard search tools etc.; instead they would have to use a web page much like what Google Translate does.
A browser plugin. There are already Firefox plugins which do something similar to this. They change the way that the browser resolves DNS. This may be the best bet for you but would require development work.
An actual install utility that you have your users install on their machines, which updates the DNS servers.
