Support the ongoing development of Laravel.io →
longestdrive
posted 9 years ago
Security Requests
Last updated 1 year ago.
0
martinstoeckli
replied 9 years ago

How did you create those links to a HTTPS page? For relative links it is the normal behaviour to adopt the to the protocol of the current page.

It is indeed a good idea to serve the whole site with HTTPS, switching between HTTP and HTTPS is a tricky thing. There is for example the session id which is normally passed with a cookie. This cookie can only be sent to HTTPS pages, otherwise you expose the session id. Of course you will loose the session then. I wrote a small article about Switching between HTTP and HTTPS where i tried to explain this a bit more indepth.

Last updated 1 year ago.
0
garbee
replied 9 years ago

Why not just always have HTTPS on and keep everything secure? If you have it there is no point not to.

Last updated 1 year ago.
0
llbbl
replied 9 years ago

I have been struggling with this problem for the last 30 minutes. The options as I see them.

1) Set everything to https

pros: everything secure, simple once setup

cons: Have to change web server to force https if it is setup to work with both (which mine is atm). Also need to generate self signed cert for local dev.

how: URL::secureAsset which is a shortcut to URL::asset('link' , true) ... this executes faster than other helpers, apparently

2) Check for secure in Router or Controller and Have multiple Views

pros: flexible (works with both), dont have to generate self signed certs, can still force https on prod when we get to it

cons: maintain multiple views

how: before view is loaded >> if (Request::secure()) then load different views

3) Check for secure in Router or Controller and pass parameter to the View

pros: flexible (works with both), dont have to generate self signed certs, can still force https on prod when we get to it

cons: Add some more code to the view?

how: before view is loaded >> if (Request::secure()) then pass true/false to view. must use URL::asset('link' , true) obviously.

Think I am going with #3 :)

Last updated 9 years ago.
0
studiodaniels
replied 9 years ago

Hi, I have also problems with using HTTPS urls. I want to put a couple of views under SSL... like this example

Route::get('test', array( 'https', function() { return View::make('test'); } ));

And my link: <a href="{{ secure_url('test', $parameters = array()) }}" title="">test</a>

I made a route like above in routes.php and I made the view 'test' in my folder 'views', but I got a error (403 - forbidden)..

I'm working on a shared server (Apache) and outside Laravel I use a folder called 'private_html' where I put secure html or php files into. I have Laravel installed at the root (above this 'private_html' folder).. Anyone a solution of what I have to do to let this work?

with regards, Gerard

0

Sign in to participate in this thread!

Eventy

Your banner here too?

longestdrive longestdrive Joined 3 Feb 2014

Moderators

We'd like to thank these amazing companies for supporting us

Eventy
Fathom
Forge
Envoyer
Beyond Code
Skynet Technologies
Steadfast Collective
BairesDev
Remotely Works

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

X Twitter GitHub

The community

Laravel Laravel Laravel News Laravel News
Laracasts Laracasts Laravel Podcast Laravel Podcast
© 2024 Laravel.io - All rights reserved.
Terms of service Privacy policy Advertise