logout going to http
Hi
I am working on a fairly new system, and in my local dev environment, everything is done over HTTP, which is fine, however, when it goes into prod, we have it setup on HTTPS.
The odd thing is whenever I click the profile and log out, I get a screen saying "The information you are about to submit is not secure" with 2 buttons "Send anyway" and "Go Back".
Clicking send anyway works, and the user is logged out, but what's confusing me is why the users are even getting to that page. For some reason, this page is served over HTTP not HTTPS like the rest of the site. I cannot see anywhere it's configured to use HTTPS.
Looking in .env, I have the APP_URL as the https version. Has anyone else seen this and resolved it, or know what I need to do to resolve it?
3 Replies
Hi.
Do you have a reverse proxy before your web server or do you make a proxy pass ?
Ah, we do have HAProxy in front of the sites, so that connects over HTTP
though not sure if that's the issue, as it's (as far as I can tell) only the signout "form" that gets the http url
Oh no, it is all links that are http, they just redirect to https
OK, got it fixed, I had to use the forceScheme to https in AppServiceProvider
Yes or maybe configure you Haproxy to send scheme like X-Forwarded-Proto