R
Railway15mo ago
austinm

'The information you’re about to submit is not secure'

I have a very simple fastAPI page that I just began hosting through github on railway. It has a text file upload form. When the form is submitted, the page shows: The information you’re about to submit is not secure Because this form is being submitted using a connection that’s not secure, your information will be visible to others. I can click 'send anyway' and the site continues as intended, I just don't want that message popping up for users. I have cleared cache, and tried on other devices.
15 Replies
Percy
Percy15mo ago
Project ID: 76839ba3-823f-432f-8aa5-804dc9bf80d7
austinm
austinmOP15mo ago
76839ba3-823f-432f-8aa5-804dc9bf80d7 here is the site: https://fastapi-production-23e9.up.railway.app/
Brody
Brody15mo ago
your flask server is sending a 307 redirect response back on that post request, to the same url but unsecure
Brody
Brody15mo ago
No description
Brody
Brody15mo ago
No description
austinm
austinmOP15mo ago
yeah, I tried fixing that by explicitly stating https in the form submit: <form action="https://fastapi-production-23e9.up.railway.app/uploadfile" method="post" enctype="multipart/form-data" id="uploadForm"> But still get the redirect to http
Brody
Brody15mo ago
that wouldnt fix it, this is the flask server thats sending the redirect response if you have some type of middleware that makes sure incoming requests are performed with https, you can either trust the proxy headers or remove it since you just cant use http on railway anyway
austinm
austinmOP15mo ago
ok thanks. Let me check the middleware. Sorry if I have stupid questions, kinda new to this
Brody
Brody15mo ago
no worries at all
austinm
austinmOP15mo ago
I added this to the fastapi backend: app.add_middleware(TrustedHostMiddleware, allowed_hosts=["*"], allow_any=True) app.add_middleware(HTTPSRedirectMiddleware) Not sure if this is the correct approach but the app is just not working at all now haha 'This page isn’t workingfastapi-production-23e9.up.railway.app is currently unable to handle this request.'
Brody
Brody15mo ago
i did say you can remove the https redirect middleware and you then added it lol
austinm
austinmOP15mo ago
haha my bad. I thought I needed that. I didn't have any middleware setup previously. Can you tell me if my undertsanding is correct: When the app gets a request to the upload endpoint, it is being redirected via http which is insecure. So I need to make sure it is not redirecting to http??
Brody
Brody15mo ago
correct, somewhere in your code there is something that is trying to redirect the incoming request to http
austinm
austinmOP15mo ago
got it working. Changed the endpoint from /upload_file to /upload_file/. Really don't know how I would've figured that out besides dumb luck. Thanks for your help and patience
Brody
Brody15mo ago
no problem!
Want results from more Discord servers?
Add your server