Open karser opened 7 years ago
@karser thanks for the report.
@Simperfit do you think you can fix that? https://symfony.com/doc/current/security/force_https.html may help, in prod we should only generate https
routes.
IMO it can be done by adding a security rule for the prod env in https://github.com/api-platform/demo/blob/master/app/config/security.yml
@dunglas I've the same problem. I think your solution using the security.yml will only deny if no https is used. Maybe you should use https://symfony.com/doc/current/routing/scheme.html But don't know how to do that only for prod env.
@wadjeroudi good idea. We can define routes depending of the environment, so it should do the trick.
@dunglas this issue is still here, I guess I can't help here as the fix you suggested needs to be done on your demonstration website, am I right?
Yes, @Simperfit is handling it (we'll publish soon a new demo)
Is there an ETA on this issue? For now I just overwrote api_platform.hydra.listener.response.add_link_header
and api_platform.router
in my servies.yaml
file (which is quite hacky and shouldn't be deployed to prod IMO)
@Mathieudewet is working on it on the demo deployment side.
The exact error:
How to reproduce:
I'm using https://demo.api-platform.com as an api endpoint OPTIONS response contains LINK header which refers to http://demo.api-platform.com/docs.jsonld (although I specified https).
It is requesting http://demo.api-platform.com/docs.jsonld and receives
301 Moved Permanently
andLocation:https://demo.api-platform.com/docs.jsonld
Also notice that first response is HTTP/2 and second one is HTTP 1.1