Authenticate redirect_uri returning http not https #30
Comments
I've noticed this behavior as well. I'm not 100% sure that it's being caused by this package. Like you I've tried looking through the source to no avail. My hunch is that it has something to do with Laravel Valet. Usually, what I'll do as a remedy is add both http and https variations of my testing urls. |
Good point @ncpope I've done that for now and will do a test prod deploy later. Thanks |
Hey @Gorbutt! Hmm... Source for the URL is here... The package directly calls this here... My digging suggests Laravel knows you're using HTTPS and makes the I guess I could use secure_url instead and all will be fine. I'll mod it, test it, and push an update. It's probably a confusion on Valet and Laravel so this should force it to HTTPS :) |
@Gorbutt In testing... http works, https works. Using ngrok, yes it has an issue. It's still possible (not recommended) to dev an app without https, so I'm hesitant to use secure_url unless really needed. Can you try adding this to your middleware folder:

```php
<?php

namespace MyApp\Http\Middleware;

use Closure;

class HttpsProtocol
{
    // Redirect any request that Laravel does not see as HTTPS to its https:// equivalent.
    public function handle($request, Closure $next)
    {
        if (!$request->secure()) {
            return redirect()->secure($request->getRequestUri());
        }

        return $next($request);
    }
}
```

Then in Kernel.php, add it to your middleware array...

```php
protected $middleware = [
    //... other stuff...
    'MyApp\Http\Middleware\HttpsProtocol'
];
```

Boot up and see if this solves the ngrok issue? |
Thanks, It took some tweaking,
Changed MyApp to App, however now I get "too many redirects" warning and blocked. It also appears this may relate to an issue that if I leave it alone for a while I get a CSP block error. It does look like this dev workflow does not like ngrok :-) |
Actually... Makes sense yeah it's going to keep redirecting hmm.. does
whitelisting both http and HTTPS work fine when editing app in partner
dashboard?
…On Tue, May 29, 2018, 9:49 PM Gorbutt, ***@***.***> wrote:
Thanks, It took some tweaking,
\App\Http\Middleware\HttpsProtocol::class,
Changed MyApp to App, however now I get "too many redirects" warning and
blocked. It also appears this may relate to an issue that if I leave it
alone for a while I get a CSP block error. It does look like this dev
workflow does not like ngrok :-)
|
Yes, it does. However, I am getting a Content-Security-Policy (block-all-mixed-content) issue if I leave it overnight (session expires?), I have to trigger a re-authentication (/login) to keep developing. I suspect that's another side effect of ngrok in this case. |
Hmm I can't reproduce this for normal environment and HTTPS one via valet and docker. Not sure how to handle this issue for ngrok, possibly no way to.. will think on it. |
I may have a fiddle later to see if I can override and have an ngrok thing in config, or because I know how to handle, I can deal with it. I can always tweak the code to force a https return knowing it will die on updates :-) I suspect it's because ngrok comes in to https:// but valet is just unsecure. Sadly valet share does not play nice with valet secure at the moment. |
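The situation suspected above (the tunnel accepts https:// but the app behind it only sees plain HTTP), as an added example that is not part of the thread or the package's code: a plain-PHP model of why the generated redirect_uri comes out as http and why the force-HTTPS middleware loops. It assumes the tunnel sets X-Forwarded-Proto; the function names, addresses and sample requests are constructed for illustration.

```php
<?php
// Added illustration in plain PHP (no Laravel); every name here is hypothetical.
// Assumption: the tunnel terminates TLS, forwards plain HTTP to the app and
// sets "X-Forwarded-Proto: https" (PHP exposes it as HTTP_X_FORWARDED_PROTO).

/** Scheme of the request; the forwarded header counts only from a trusted proxy. */
function requestScheme(array $server, array $trustedProxies): string
{
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return 'https';
    }
    $fromTrusted = in_array($server['REMOTE_ADDR'] ?? '', $trustedProxies, true);
    $forwarded = strtolower($server['HTTP_X_FORWARDED_PROTO'] ?? '');
    return ($fromTrusted && $forwarded === 'https') ? 'https' : 'http';
}

/** redirect_uri as a URL generator derives it: detected scheme + host + path. */
function redirectUri(array $server, array $trustedProxies): string
{
    return requestScheme($server, $trustedProxies) . '://' . $server['HTTP_HOST'] . '/authenticate';
}

/** Replays the force-HTTPS middleware and counts redirects before a page is served. */
function redirectsUntilServed(array $server, array $trustedProxies, int $limit = 20): int
{
    for ($hops = 0; $hops < $limit; $hops++) {
        if (requestScheme($server, $trustedProxies) === 'https') {
            return $hops; // the middleware passes the request on
        }
        // The browser follows the redirect to https://, the tunnel terminates
        // TLS again, and the app receives the same plain-HTTP request.
    }
    return $limit; // the browser gives up with "too many redirects"
}

// Constructed request as the app sees it behind the tunnel.
$viaTunnel = ['HTTP_HOST' => 'xxxx.ngrok.io', 'REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_PROTO' => 'https'];
// Constructed request from an untrusted client that sets the header itself.
$direct = ['HTTP_HOST' => 'xxxx.ngrok.io', 'REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_PROTO' => 'https'];

foreach ([[], ['127.0.0.1']] as $trusted) {
    printf("trusted=[%s] redirect_uri=%s redirects=%d\n", implode(',', $trusted),
        redirectUri($viaTunnel, $trusted), redirectsUntilServed($viaTunnel, $trusted));
}
printf("untrusted sender: redirect_uri=%s\n", redirectUri($direct, ['127.0.0.1']));
```

With no trusted proxy the tunnel request yields an http redirect_uri and the middleware never stops redirecting; trusting only the tunnel's address resolves both while the same header from any other sender is still ignored.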
It looks like there may be a way to fiddle with ngrok and laravel valet to have valet secure & share working. I'll try it hopefully tonight if I get a chance. |
If you're using valet, it's exactly what I use for basic testing. Secure
and share works for me and HTTPS works fine, let me know :)
…On Wed, May 30, 2018, 8:31 AM Gorbutt, ***@***.***> wrote:
It looks there may be a way to fiddle with ngrok and laravel valet to have
valet secure & share working.
laravel/valet#148 <laravel/valet#148>
I'll try it hopefully tonight if I get a chance.
|
I had a fiddle with this, not perfect. I'll explore more over the next week or so. I can work around the problems for now. |
Sure, sorry I can't be of more help on it, just hesitant to force https on the route and cause issues. I'll close for now but if you think of something that may help, feel free to ping. |
I have just experienced this issue, but oddly, everything worked fine, until I uninstalled the app and tried to reinstall. I can manually edit the URL in the address bar, but this is far from ideal. I don't see how this issue was resolved.... |
Just testing this and noticed that when you attempt to install the app I receive the following error. (store names and urls redacted to protect the guilty!!)
Oauth error invalid_request: The redirect_uri is not whitelisted
however https://xxx.ngrok.io/authenticate is listed. On digging deep, I see the full Uri returned by this package is
https://xxxx.myshopify.com/admin/oauth/authorize?client_id=4b6b4752c52433568d44fae5b68798d3&scope=read_products,read_orders&redirect_uri=http://xxxx.ngrok.io/authenticate
As you see, the redirect_uri is only http (redirect_uri=http://xxxx.ngrok.io/authenticate). I've poked around the src and also the config and can't see what I've missed (which is highly possible).
Thanks for making this plugin, certainly made the first part easy.