Quantcast

How to force DebugKit to use HTTPS for its requests?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

How to force DebugKit to use HTTPS for its requests?

Ethan Pooley
Apps running on Heroku can be requested via HTTPS even though the app and Web server don't know anything about it. Apps behind CloudFlare have a similar option.

In this environment, DebugKit may be blocked as "mixed content" because the request for it happens via HTTP. My browser (Firefox 43) says this:

Blocked loading mixed active content "http://myappname.herokuapp.com/debug_kit/toolbar/27dac57d-6616-4450-8926-ee75512bde70"      toolbar.js:53:2

What would be the preferred method of forcing DebugKit to use HTTPS in its base URL? When I look at the page source, I find this element:

<script id="__debug_kit" data-id="927dac57d-6616-4450-8926-ee75512bde70" data-url="http://myappname.herokuapp.com/" src="/debug_kit/js/toolbar.js"></script>

It seems I either need to force the protocol in the "data-url" attribute, or else configure it to ignore the base URL and to try loading the path from "src" relative to the browser's notion of the base URL.

--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP

---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Visit this group at https://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: How to force DebugKit to use HTTPS for its requests?

mark_story
If you set the `App.fullBaseUrl` value in Configure, debug kit should respect that and generate links accordingly. This will also force the rest of the URLs generated in your app to use that base url prefix which can be handy.

-Mark


On Tuesday, 29 December 2015 05:46:32 UTC-5, Ethan Pooley wrote:
Apps running on Heroku can be requested via HTTPS even though the app and Web server don't know anything about it. Apps behind CloudFlare have a similar option.

In this environment, DebugKit may be blocked as "mixed content" because the request for it happens via HTTP. My browser (Firefox 43) says this:

Blocked loading mixed active content "<a href="http://myappname.herokuapp.com/debug_kit/toolbar/27dac57d-6616-4450-8926-ee75512bde70" target="_blank" rel="nofollow" onmousedown="this.href=&#39;http://www.google.com/url?q\75http%3A%2F%2Fmyappname.herokuapp.com%2Fdebug_kit%2Ftoolbar%2F27dac57d-6616-4450-8926-ee75512bde70\46sa\75D\46sntz\0751\46usg\75AFQjCNFUMgv9lXkZ7sNP5KaN3Yua6cd8Yw&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\75http%3A%2F%2Fmyappname.herokuapp.com%2Fdebug_kit%2Ftoolbar%2F27dac57d-6616-4450-8926-ee75512bde70\46sa\75D\46sntz\0751\46usg\75AFQjCNFUMgv9lXkZ7sNP5KaN3Yua6cd8Yw&#39;;return true;">http://myappname.herokuapp.com/debug_kit/toolbar/27dac57d-6616-4450-8926-ee75512bde70"      toolbar.js:53:2

What would be the preferred method of forcing DebugKit to use HTTPS in its base URL? When I look at the page source, I find this element:

<script id="__debug_kit" data-id="927dac57d-6616-4450-8926-ee75512bde70" data-url="<a href="http://myappname.herokuapp.com/" target="_blank" rel="nofollow" onmousedown="this.href=&#39;http://www.google.com/url?q\75http%3A%2F%2Fmyappname.herokuapp.com%2F\46sa\75D\46sntz\0751\46usg\75AFQjCNF6dzGJuvJRdybEcoU6Azz8YGU8HQ&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\75http%3A%2F%2Fmyappname.herokuapp.com%2F\46sa\75D\46sntz\0751\46usg\75AFQjCNF6dzGJuvJRdybEcoU6Azz8YGU8HQ&#39;;return true;">http://myappname.herokuapp.com/" src="/debug_kit/js/toolbar.js"></script>

It seems I either need to force the protocol in the "data-url" attribute, or else configure it to ignore the base URL and to try loading the path from "src" relative to the browser's notion of the base URL.

--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP

---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Visit this group at https://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/d/optout.
Loading...