Laravel 5 force HTTPS issue with login routing to

2019-08-14 16:36发布

Laravel Version: Laravel 5.4.30

I am having an issue whereby my production code is hosted on AWS Elastic Beanstalk behind a load balancer served via HTTPS. When using the built in auth trait and make:auth controllers to validate user login, upon login form submission the user is being redirected to:

http://application-url rather than https://application-url/dashboard

In the LoginController it should route after login to the /dashboard

 /**
 * Where to redirect users after login.
 *
 * @var string
 */
protected $redirectTo = '/dashboard';

On the login controller when I view the source of the blade login template I can see the form submits to the correct URL, https://application-url/login.

I am using the following to force HTTPS in the AppServiceProvider.php file:

    if (!\App::environment('local')) {
        \URL::forceScheme('https');
    }

Once the user has 'authenticated' and the browser cannot resolve the http version, upon clicking the back button on they are sent to the correct /dashboard route.

Is there another location upon login form submission that I am missing?

1条回答
混吃等死
2楼-- · 2019-08-14 17:10

Just in case someone still bumps into this, the Documentation says:

When running your applications behind a load balancer that terminates TLS / SSL certificates, you may notice your application sometimes does not generate HTTPS links. Typically this is because your application is being forwarded traffic from your load balancer on port 80 and does not know it should generate secure links.

It is basically caused by a request passing an unknown layer in it's way to your instance.

Solution for AWS

Modify the TrustProxies middleware included in App\Http\Middleware:

// The trusted proxies (array)
protected $proxies = '*';

//The current proxy header mappings (also array)
protected $headers = Request::HEADER_X_FORWARDED_AWS_ELB; 
查看更多
登录 后发表回答