Is it possible, in Laravel 4.1, to redirect to a relative path instead of the full path ? If we look at the UrlGenerator::to method, here what we have:
public function to($path, $extra = array(), $secure = null)
{
if ($this->isValidUrl($path)) {
return $path;
}
$scheme = $this->getScheme($secure);
$tail = implode('/', array_map('rawurlencode', (array) $extra));
$root = $this->getRootUrl($scheme);
return $this->trimUrl($root, $path, $tail);
}
This will act like this (meta-code):
mysite.com/url Redirect::to('/test'); => mysite.com/test
What I'd want it's to be redirected to a relative URL:
mysite.com/url Redirect::to('/test'); => /test
The problem it's that the company I'm working for, use a ReverseProxy to redirect all the traffic to HTTPS protocol, and with this kind of laravel redirects I keep getting redirected from HTTP to HTTPS :
call: GET http:// mysite.com
proxy: GET https:// mysite.com
redirect to login: GET http:// mysite.com / login
proxy: GET https:// mysite.com / login
submit login: POST http:// mysite.com / login
proxy: POST https:// mysite.com / login
And the problem is that the submit form fail.
Is there a possibility to redirect to the relative path and let the proxy define the root url / protocol to use ?
I'm on Laravel 4.2, I'm using Redirect::away('/test'), not sure if the function is there yet on Laravel 4.1.
Related
My Vue.js app switches from HTTPS to HTTP after the user logs in, and I'm not sure why. The Vue.js front-end is served using nginx, and uses Axios to access an Express back-end API that queries a local MongoDB server for login and a remote SQL Server for data. If someone could provide any guidance, that would be much appreciated, as this is for a work project.
I'm not sure if this could be a clue, but after logging into a session in the app, if I open a new tab and manually enter a URL for a view that doesn't access the Express back-end (https://subdomain.website.com/view_that_doesnt_access_express_api), the site will be secure under HTTPS, but if I do the same with a view that does access the Express back-end (https://subdomain.website.com/view_that_accesses_express_api), the site will be unsecure and the HTTPS in the location bar is shown crossed out in red.
nginx is configured with SSL and redirects 80 to 443 as follows (/etc/nginx/sites-available/project):
server {
listen 80;
server_name subdomain.website.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name _;
ssl_certificate /path/to/my/cert.crt;
ssl_certificate_key /path/to/my/key.rsa;
root /path/to/my/dist;
index index.html
access_log /var/log/nginx/site.access.log;
error_log /var/log/nginx/site.error.log;
location / {
try_files $uri /index.html =404;
}
}
The Express server is also configured to be HTTPS (app.js) with the same certification files used by nginx:
var httpscert = fs.readFile('cert.crt');
var httpskey = fs.readFile('key.rsa);
var options = {
key: httpskey,
cert: httpscert
};
var server = https.createServer(options, app);
server.listen(3000, function () {
console.log("Express HTTPS running on 3000");
})
Axios (Service.js):
import Api from '#/services/Api'
export default {
loginUser (email, password) {
return Api().post('login', {
email: email,
password: password
})
}
}
Axios (Api.js):
import axios from 'axios'
export default() => {
return axios.create({
baseURL: 'https://192.168.10.117:3000'
})
}
This is my first question on StackOverflow, so please let me know if I'm not asking this question correctly.
Thank you.
You said:
but if I do the same with a view that does access the Express back-end (https://subdomain.website.com/view_that_accesses_express_api), the site will be unsecure and the HTTPS in the location bar is shown crossed out in red.
That does not mean your setup is wrong, it just means you have on that page an asset that is served via HTTP, instead of HTTPS. And that's why the lock is crossed.
You should inspect your page source and check for any scripts or styles that are loaded via HTTP. Change those to be HTTPS and you should be good to go.
A client that follows redirects can be created as follows:
WebClient.builder()
.clientConnector(new ReactorClientHttpConnector(
HttpClient.create().followRedirect(true)
))
After invoking a HEAD request on a URL, how can the final Location header be retrieved? In other words, how can we get the final URL redirected to?
It is true that HttpClient#followRedirect(true) enables the redirection.
However there is also HttpClient#followRedirect(BiPredicate<HttpClientRequest,HttpClientResponse>), here you can control more precisely when you want to redirect and in addition to this you have always access to the response and the Location header, so in any time you will know to which location there will be a redirection.
More info here and here
For example
WebClient.builder()
.clientConnector(new ReactorClientHttpConnector(
HttpClient.create().followRedirect((req, res) -> {
System.out.println(res.responseHeaders().get("Location"));
return HttpResponseStatus.FOUND.equals(res.status());
})
))
I am transferring a site from the defunct OpenShift v2, to LightSail on AWS. I have the app up and running on LightSail at localhost:3333, forwarded externally. I am able to pull up the site using the site-url.com
However, when attempting to login to the app (using Passport Facebook). The callback url is getting set to 127.0.0.1, instead of the whitelisted (facebook dev) www.site-url.com
https://www.facebook.com/dialog/oauth?response_type=code&redirect_uri=http%3A%2F%2F127.0.0.1%3A3333%2Fauth%2Fwww.site-url.com%2Fauth%2Ffacebook%2Fcallback&scope=email&client_id=XXX
Relevant login code:
const appUrl = "www.site-url.com";
const callbackURL = appUrl + "/auth/facebook/callback";
passport.use(new FacebookStrategy({
clientID: clientID,
clientSecret: clientSecret,
callbackURL: callbackURL,
profileFields: ['id', 'displayName', 'email']
},
...
app.get('/auth/facebook',
passport.authenticate('facebook', { scope: ['email'] }));
app.get('/auth/facebook/callback',
passport.authenticate('facebook',{
successRedirect: appUrl + '/profile',
failureRedirect: appUrl + '/?login-failed'}
));
I added appUrl, in an attempt to fix it via server code. However, I have a feeling Apache would be better suited at fixing this.
I setup the Proxy, following these instructions, and tried all variations of 127.x/site-url.com
ProxyPass / http://127.0.0.1:3333/
# ProxyPass / http://www.site-url.com/
ProxyPassReverse / http://127.0.0.1:3333/
# ProxyPassReverse / http://www.site-url.com/
Anyone have any ideas?
Turning on PreserveHost solved the issue, Facebook is now receiving the correct callback url
PreserveHost:
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:3333/
ProxyPassReverse / http://127.0.0.1:3333/
Apache config:
vim /opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf
Append: Include "/home/bitnami/conf/httpd-app.conf
Start up the app using screen to avoid shutdown when SSH process is killed. Maybe try nodemon for resiliency
Thanks, #DusanBajic!
I have the following problem:
I'm running a router with openwrt and a lighttpd webserver and i'm trying to redirect https traffic to a specific domain.
Here is my lighttpd.conf:
$SERVER["socket"] == ":443" {
url.redirect = (
"" => "http://name.tld",
)
}
If I call routerip:443 everything works fine,
but when I call https://routerip it gives me an error, for example:
ERR_NETWORK_CHANGED
or something with DNS_ERROR
I suspect it is relying explicitly on the redirect destination, which in your example still uses "http" as the protocol. Try modifying your redirect to include https:
url.redirect = (
"" => "https://name.tld",
)
I just installed ssl certificate on my site to change the URL from http:// to https:// Everything is complete and i also added a code in my httpd.conf file to automatically add https :// to the UR So the connection is always secure.
However I am facing a problem when i try to login into the Admin Panel. It Goes in a redirect Loop and the webpage gives me a "This webpage has a redirect loop" Error.
https://mysite.com Loads fine but https:/mysite.com/admin goes into a redirect loop.
site is built up using codeigniter Framework for php.
Please Help.
I added this code to my httpd.conf file
#
# Redirect http Request to https
# The lines below are used to redirect http request to https
#
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>
Open config file from location application/config/config.php and enable or set hooks to true like this:
$config['enable_hooks'] = TRUE;
Then create a new file named hooks.php inside the config folder (i.e. application/config/hooks.php) and add the following code in it:
$hook['post_controller_constructor'][] = array(
'function' => 'redirect_ssl',
'filename' => 'ssl.php',
'filepath' => 'hooks'
);
Now create a new directory named hooks inside the application folder (i.e. application/hooks) and then create a new file named ssl.php inside the hooks folder (i.e. application/hooks/ssl.php).
Add the following code in the ssl.php file:
function redirect_ssl() {
$CI =& get_instance();
$class = $CI->router->fetch_class();
$exclude = array('client'); // add more controller name to exclude ssl.
if(!in_array($class,$exclude)) {
// redirecting to ssl.
$CI->config->config['base_url'] = str_replace('http://', 'https://', $CI->config->config['base_url']);
if ($_SERVER['SERVER_PORT'] != 443) redirect($CI->uri->uri_string());
} else {
// redirecting with no ssl.
$CI->config->config['base_url'] = str_replace('https://', 'http://', $CI->config->config['base_url']);
if ($_SERVER['SERVER_PORT'] == 443) redirect($CI->uri->uri_string());
}
}