Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Middleware\LocaleSessionRedirect can't handle request url from proxy server , cause https to http #765

Open
spawnash opened this issue Dec 15, 2020 · 5 comments
Labels

Comments

@spawnash
Copy link

spawnash commented Dec 15, 2020

Describe the bug
i'm using reverse proxy server to handle ssl and load balance
this middleware Mcamara\LaravelLocalization\Middleware\LocaleSessionRedirect will handle the url with locale prefix,
but at line:51 it will parse url from https to http , i guess the reason is this func parse url from load balance request url not client request url

To Reproduce
Steps to reproduce the behavior:

  1. i'm using valet share to reproduce
  2. visit a route without locale prefix
  3. die dump the handled url($redirection) which middleware dose
  4. See error
    image

image

Expected behavior
return correct url

More info:

  • Version of Laravel :5.8
  • Version of the Laravel-localization package:1.3.2
  • Which middleware is used in Route::groups: Mcamara\LaravelLocalization\Middleware\LocaleSessionRedirect
@spawnash spawnash changed the title LocaleSessionRedirect can't handle request url from proxy server , cause https to http Middleware\LocaleSessionRedirect can't handle request url from proxy server , cause https to http Dec 15, 2020
@dsqwared5
Copy link

dsqwared5 commented Jun 18, 2022

Describe the bug i'm using reverse proxy server to handle ssl and load balance this middleware Mcamara\LaravelLocalization\Middleware\LocaleSessionRedirect will handle the url with locale prefix, but at line:51 it will parse url from https to http , i guess the reason is this func parse url from load balance request url not client request url
...
hi, did you fixed it? I have the same issue

@tominal
Copy link

tominal commented Sep 27, 2024

Oh wow this is a significantly older issue and I'm encountering it in a multi-tenancy setup in 2024.

This will always occur when a load balancer sends traffic in HTTP instead of HTTPS. I'm not sure what the fix here would be beyond adding a new flag to this repository's config file that forces HTTPS all the time. Actually, if we configure our ALB to forward traffic to an EC2 using HTTPS, then that should take care of this issue.

@iwasherefirst2
Copy link
Collaborator

Hi everyone,

Thanks for bringing this up! I’m interested in helping with this issue, but I’m unsure how to reproduce it locally. If someone could write a failing test case and create a PR, that would be super helpful. It would give me a clearer understanding of the problem and make it easier to contribute effectively.

@tominal
Copy link

tominal commented Dec 9, 2024

If someone could write a failing test case and create a PR, that would be super helpful. It would give me a clearer understanding of the problem and make it easier to contribute effectively.

I bet all we'll need to do is have a test case for an HTTPS URL here and it'll try to redirect to HTTP.

protected const TEST_URL = 'http://localhost/';

If someone doesn't beat me to it I can poke at it later!

@tominal
Copy link

tominal commented Jan 3, 2025

Hey @iwasherefirst2,

I updated the TEST_URL to https and 7 tests fail. I'm a bit confused though where the "responsibility" lies i.e. Laravel vs laravel-localization. The Laravel URL generator will return HTTP since the application doesn't think the request is secure.

If \URL::forceScheme('https'); in a service provider forces the HTTPS, then that would mean all children servers in a load balanced setup would need to issue their own SSL certificates which can become a mess at least in the project I'm looking at.

Thoughts?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

4 participants