Support the ongoing development of Laravel.io →
Configuration Security Requests
Last updated 4 months ago.
0

I found the solution myself. The problem was that Laravel was unaware whether the request was secure or not because nginx didn't pass the HTTPS parameter.

For those who wonder, you can add it with this line in the nginx config:

fastcgi_param  HTTPS on;

In that case the first example works. The second example worked partly because of the poor implementation of in_array(). The next function, located in Illuminate/Routing/Route.php returns true even if a key name of the array is "https".

public function httpOnly()
{
        return in_array('http', $this->action);
}

A better function would be to add true to make it strict and more correct.

public function httpOnly()
{
        return in_array('http', $this->action, true);
}
Last updated 4 months ago.
0

For what its worth. I had this same issue earlier today when using Jasons new Dingo API. In my development environment I was using Apache 2.2.15 (CentOS back port) and have disabled HTTP (i.e. only running HTTPS).

A basic default route wouldn't work due to me making my API call over HTTPS and Illuminate\Routing\Matching\SchemeValidator presuming I should only be making such call over HTTP.

I'm not sure if this is a Laravel issue or an issue with Dingo so will open a GitHub issue with Dingo and see how we get on.

Last updated 4 months ago.
0

Sign in to participate in this thread!

LoadForge

Your banner here too?

RobinTheb robintheb Joined 21 Mar 2014

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

The Laravel portal for problem solving, knowledge sharing and community building.

© 2022 Laravel.io - All rights reserved.