Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Admin Panel 405 Method Not Allowed #549

Closed
joshcsullivan opened this issue Apr 12, 2019 · 3 comments
Closed

Admin Panel 405 Method Not Allowed #549

joshcsullivan opened this issue Apr 12, 2019 · 3 comments

Comments

@joshcsullivan
Copy link

Hello,

I currently serve Isso from a server independent of my blog. When I go to the admin interface I get a 405 Method Not allowed response after submitting the password.

Checking the network response I get a 301 Moved Permanently.

Here is the network response from my browser (Brave):
20190412-102158

I'm running isso 0.12.2 on Ubuntu 18.04

[admin]
enabled = true
password = notmyrealpassword

Hosts include every variation of the blog URL and the comments URL, including /login and /admin

Comments are working on the site and SMTP notifications are coming through, the only issue is accessing the admin panel.

Thanks,
Josh
@joshcsullivan
Copy link
Author

Had to migrate it to my production server, and it was working afterward. I'm pretty sure it was related to Redirect all HTTP traffic to HTTPS in the Let's Encrypt cert process that I always include.

Can HTTPS access be added to the admin panel?

Thanks,
Josh

@jelmer
Copy link
Member

jelmer commented Apr 15, 2019

That's all in your server configuration; there is nothing in /admin per se that deals with https vs plain http.

@jelmer jelmer closed this as completed Apr 15, 2019
@Losses
Copy link

Losses commented Oct 5, 2019
edited

@joshcsullivan @OmisNomis @MrCappuccino I found a lot of people have similar problem, here are some solution:

Solution 1: CSP

Whatever you are using like Apache or Nginx, add a header to the server response:

Content-Security-Policy: upgrade-insecure-requests;

Everything will work now, for a reference, please checkout: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests

If you are using Nginx, please checkout my configuration:

server {
    listen       443;
    server_name  [xxxxxxxxxxx];

    ssl                     on;
    ssl_certificate         [xxxxxxxxxxx];
    ssl_certificate_key     [xxxxxxxxxxx];
    ssl_trusted_certificate [xxxxxxxxxxx];

    location / {
        proxy_set_header  Host $http_host;
        proxy_set_header  X-NginX-Proxy true;
        proxy_pass        http://127.0.0.1:[xxxxxx]/;
        proxy_redirect    off;
        add_header Content-Security-Policy "upgrade-insecure-requests" always;
    }
}

server {
    listen        80;
    server_name   [xxxxxxxxxxx];

    location ^~ /.well-known {
       root [xxxxxxxxxxx];
    }

    location / {
       return 301 https://$server_name$request_uri;
    }
}

But I dont think this could be a proper solution, a proper way to fix this from isso side is replace all http://example.com/xxxx to //example.com/xxx as I said in #576

Solution 2

(Not verified but should work based on the source code)

Edit your configuration file:

[server]
public-endpoint=//example.com

Notice. leave it as //example.com but not http://example.com or https://example.com will make your site works both for http and https

Really hope this would help.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jelmer @Losses @joshcsullivan