admin doesn't work against demo.api-platform.com

[karser]

The exact error:

Fetch API cannot load http://demo.api-platform.com/docs.jsonld. Response for preflight is invalid (redirect)

How to reproduce:

1. I'm using https://demo.api-platform.com as an api endpoint OPTIONS response contains LINK header which refers to http://demo.api-platform.com/docs.jsonld (although I specified https).

2. It is requesting http://demo.api-platform.com/docs.jsonld and receives 301 Moved Permanently and Location:https://demo.api-platform.com/docs.jsonld

Also notice that first response is HTTP/2 and second one is HTTP 1.1

[dunglas]

@karser thanks for the report.

@Simperfit do you think you can fix that? https://symfony.com/doc/current/security/force_https.html may help, in prod we should only generate https routes.

IMO it can be done by adding a security rule for the prod env in https://github.com/api-platform/demo/blob/master/app/config/security.yml

[wadjeroudi]

@dunglas I've the same problem. I think your solution using the security.yml will only deny if no https is used. Maybe you should use https://symfony.com/doc/current/routing/scheme.html But don't know how to do that only for prod env.

[dunglas]

@wadjeroudi good idea. We can define routes depending of the environment, so it should do the trick.

[mickaelandrieu]

@dunglas this issue is still here, I guess I can't help here as the fix you suggested needs to be done on your demonstration website, am I right?

[dunglas]

Yes, @Simperfit is handling it (we'll publish soon a new demo)

[pascalwacker]

Is there an ETA on this issue? For now I just overwrote api_platform.hydra.listener.response.add_link_header and api_platform.router in my servies.yaml file (which is quite hacky and shouldn't be deployed to prod IMO)

[dunglas]

@Mathieudewet is working on it on the demo deployment side.