
Ligonsker's avatar

HTTPS to local HTTP - how to make login work? (Or, how to properly redirect HTTPS to HTTP?)

I have a domain that is set up with an SSL certificate using Let's Encrypt, so it only works via https://example.com/.

This domain is connected via a WireGuard tunnel to my home PC, which serves the app via local IP 192.168.10.10 without SSL, so while developing I simply go to http://192.168.10.10 without a certificate.

I used Breeze for the authentication.

Everything works well when I use my app locally via the local IP. But when I go to my domain at https://example.com/ some things don't work. For example login: when I go to https://example.com/login and try to log in, it first shows me the "The information you’re about to submit is not secure" page because locally Laravel is not using HTTPS. Then when I click "Send Anyway" it simply refreshes the login page instead of logging in.

Why? And can I do something to make it work?

Update: When I manually write in the login page

<form method="POST" action="https://www.example.com/login">

instead of

<form method="POST" action="{{ route('login') }}">

Then it works from the domain! But then I get 419 | Page Expired from my local login page

Ty

0 likes
14 replies
MohamedTammam's avatar

Update APP_URL in your .env file with https in the front of it. And make it serve HTTPS in your local too.

1 like
Ligonsker's avatar

@MohamedTammam thanks I will try.

Btw as you see above, when I change the form to https then I get 419 Expired. Could that be because the CSRF token is being hashed when using HTTPS, then it sends the hashed value to my local PC which doesn't know how to read it?

MohamedTammam's avatar

@Ligonsker Yes, just change the APP_URL, and if you open the website using HTTPS then the form should point to HTTPS.

1 like
newbie360's avatar

@Ligonsker I want to know what happens if you use a relative path

<form method="POST" action="{{ route('login', [], false) }}">

or

<form method="POST" action="/login">
1 like
MohamedTammam's avatar

@newbie360 That would work, but I would always use HTTPS in case the network has an error I get notified that the app doesn't work by users.

That's why I think it's better to use route method and change the URL using .env variable depending on the environment.

newbie360's avatar

@MohamedTammam Hmm, I don't know if that is good or bad; I wrote a helper and use it all the time

    function routeUri(string $routeName, $parameters = []): string
    {
        return route($routeName, $parameters, false);
    }

{{ routeUri('posts.create') }}

And I saw Laracasts uses relative paths too; inspect the left menu link.

Ligonsker's avatar

@newbie360 Omg what? That works! But how O_O

I mean when I write {{ route('login', [], false) }}

newbie360's avatar

@Ligonsker The 3rd parameter of the route() helper defaults to true, and it will output a full URL.

You can make a wrapper and set it to false:

    function routeUri(string $routeName, $parameters = []): string
    {
        return route($routeName, $parameters, false);
    }

//  http://example.com/posts/create
{{ route('posts.create') }}

//  /posts/create
{{ routeUri('posts.create') }}

//  /posts/show/1
{{ routeUri('posts.show', $post) }}
1 like
Ligonsker's avatar

@newbie360 But in my case it doesn't look like I need a wrapper because now it works for both. But how? I thought that the website on HTTPS encrypts the data and in this case even the CSRF token. So what happens here? I log in from the HTTPS website that sends the form parameters encrypted because of the SSL, but my actual app is not using SSL. So how can it read this data?
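An added example, not code from any poster in this thread or from Laravel: a plain-PHP model of the three form actions discussed above (`route('login')`, `route('login', [], false)` and the hard-coded `https://www.example.com/login`), showing where the browser sends the POST from each login page. It assumes the proxy in front of the app terminates TLS and forwards plain HTTP with the original Host header, that absolute URLs are built from the scheme and host of the request the backend receives, and that the session cookie is scoped to the host that served the page; `formAction`, `resolveAction` and `verdict` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Simplified model (an assumption, not framework code): the backend builds
// absolute URLs from the scheme and host of the request it receives.
function formAction(string $backendScheme, string $host, string $path, bool $absolute): string
{
    return $absolute ? "{$backendScheme}://{$host}{$path}" : $path;
}

// Resolve a form action against the page URL the way a browser does, for the
// two shapes used here: a full URL, or a path starting with "/".
function resolveAction(string $pageUrl, string $action): string
{
    if (parse_url($action, PHP_URL_SCHEME) !== null) {
        return $action;
    }
    $p = parse_url($pageUrl);
    return "{$p['scheme']}://{$p['host']}{$action}";
}

// Classify what happens when the form on $pageUrl is submitted to $target.
function verdict(string $pageUrl, string $target): string
{
    $page = parse_url($pageUrl);
    $dest = parse_url($target);
    if ($page['scheme'] === 'https' && $dest['scheme'] === 'http') {
        return 'browser warns: HTTPS page submitting to HTTP';
    }
    if ($page['host'] !== $dest['host']) {
        return "different host: the page's session cookie is not sent, CSRF token cannot match";
    }
    return 'same scheme and host as the page: submits normally';
}

// Constructed cases: [page URL in the browser, scheme the backend sees, action style].
$cases = [
    ['https://example.com/login', 'http', 'absolute'], // reached through the TLS-terminating proxy
    ['https://example.com/login', 'http', 'relative'],
    ['http://192.168.10.10/login', 'http', 'relative'],
    ['http://192.168.10.10/login', 'http', 'hardcoded'],
];
foreach ($cases as [$page, $seen, $style]) {
    $host = parse_url($page, PHP_URL_HOST);
    $action = $style === 'hardcoded' ? 'https://www.example.com/login'
        : formAction($seen, $host, '/login', $style === 'absolute');
    $target = resolveAction($page, $action);
    printf("%-27s %-9s -> %-30s %s\n", $page, $style, $target, verdict($page, $target));
}
```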
