Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Https problem #20

Closed
alibo opened this issue Jan 23, 2015 · 9 comments
Closed

Https problem #20

alibo opened this issue Jan 23, 2015 · 9 comments

Comments

@alibo
Copy link

alibo commented Jan 23, 2015

Hi,
When I enable https on my website, everything goes wrong. please add an option in config file to enable secure (https) mode.
Thank you;)
@noxify
Copy link
Contributor

noxify commented Jan 23, 2015

Hi,

Can you give us some more Information?

What is going wrong?
Did you get an error or something else?

@alibo
Copy link
Author

alibo commented Jan 24, 2015

Thank you for your reply.

The problem is with resources and urls:

Http:
http

Https:
https

@noxify
Copy link
Contributor

noxify commented Jan 24, 2015

Hi,

i think the problem is the admin_asset helper, which is defined here:

vendor/Pinpong/Admin/src/Pingpong/Admin/helpers.php

We have here the following function:

if ( ! function_exists('admin_asset'))
{
    /**
     * Get admin asset url.
     * 
     * @param  string  $url
     * @param  boolean $secure
     * @return string
     */
    function admin_asset($url, $secure = false)
    {
        return asset("packages/pingpong/admin/" . $url, $secure);
    }
}

In the partials/style.blade.php view (inside the views directory of the package), we have the following:

<link href="{{ admin_asset('components/bootstrap/dist/css/bootstrap.min.css') }}" rel="stylesheet" type="text/css"/>
<link href="{{ admin_asset('components/fontawesome/css/font-awesome.min.css') }}" rel="stylesheet"
type="text/css"/>
<!-- Ionicons -->
<link href="//code.ionicframework.com/ionicons/1.5.2/css/ionicons.min.css" rel="stylesheet" type="text/css"/>
<!-- Morris chart -->
<link href="{{ admin_asset('adminlte/css/morris/morris.css') }}" rel="stylesheet" type="text/css"/>
<!-- jvectormap -->
<link href="{{ admin_asset('adminlte/css/jvectormap/jquery-jvectormap-1.2.2.css') }}" rel="stylesheet" type="text/css"/>
<!-- Date Picker -->
<link href="{{ admin_asset('adminlte/css/datepicker/datepicker3.css') }}" rel="stylesheet" type="text/css"/>
<!-- Daterange picker -->
<link href="{{ admin_asset('adminlte/css/daterangepicker/daterangepicker-bs3.css') }}" rel="stylesheet" type="text/css"/>
<!-- bootstrap wysihtml5 - text editor -->
<link href="{{ admin_asset('adminlte/css/bootstrap-wysihtml5/bootstrap3-wysihtml5.min.css') }}" rel="stylesheet" type="text/css"/>
<!-- Theme style -->
<link href="{{ admin_asset('adminlte/css/AdminLTE.css') }}" rel="stylesheet" type="text/css"/>

As we can see, there is no third argument, so the script will use the HTTP link instead of the HTTPS link.

You can overwrite the view inside the "local" views directory

You should also check the script.blade.php :)

Hope this helps :)

Greets from Germany,
Marcus

@alibo
Copy link
Author

alibo commented Jan 25, 2015

Thank you very much;)
Now, I just have another problem with forms like login form. I don't know how to change action url without changing the source.

I also can redirect all http requests to https but it's risky because of SSLstrip attacks.

@noxify
Copy link
Contributor

noxify commented Jan 26, 2015

Hi,

you can add a filter something like this: http://stackoverflow.com/a/19968614/2769836

I have solve the problem with my own module, which overwrites the routes from the admin package.

I have copied the routes.php from the source package and copied it into my module routes.php.
If you're not using the modules package, you can try to put it into the app/routes.php.

@noxify
Copy link
Contributor

noxify commented Jan 26, 2015

Or if you want the view (e.g. login.blade.php) directly you can overwrite the package view.

http://laravel.com/docs/4.2/packages#package-views

This should help you to copy the package views without effort ;)

Hope this helps.

@alibo
Copy link
Author

alibo commented Jan 28, 2015

Thank you;)
I published the views and copied the package routes into the app/routes.php as you said. it works fine now. thanks;)
But I had to change these methods: route() and action() to Url::to(). they don't have $secure parameter to enable secure mode. also when I add 'https' to my routes, they are only redirected to https://... ,but in the views they are 'http://...' I think it's an issue for laravel 4.2

@alibo alibo closed this as completed Jan 28, 2015
@noxify
Copy link
Contributor

noxify commented Jan 29, 2015

Hi,

thanks for your feedback.

I did not test it, but based on this answer:
http://stackoverflow.com/a/19968614/2769836

You can create a new before filter, which redirects your HTTP Requests to HTTPS.

Then you can use, if I'm not wrong, the route() method again.

@jeremykenedy jeremykenedy mentioned this issue Aug 9, 2015
Closed
@developerdino
Copy link

Hi @alibo,

I see that you have implemented a work around for your project instance, but this is still an issue in the latest version.

Could you please reopen this issue as I think there should be a proper fix for it. I might even have a go at it myself if I can find the time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@noxify @developerdino @alibo