pingpong-labs / admin

Laravel 5 Admin
https://packagist.org/packages/pingpong/admin
BSD 3-Clause "New" or "Revised" License
432 stars 114 forks

Https problem #20

Closed alibo closed 9 years ago

alibo commented 9 years ago

Hi, when I enable HTTPS on my website, everything goes wrong. Please add an option in the config file to enable secure (HTTPS) mode. Thank you ;)

noxify commented 9 years ago

Hi,

Can you give us some more information?

What is going wrong? Did you get an error or something else?

alibo commented 9 years ago

Thank you for your reply.

The problem is with resources and URLs:

Http: http

Https: https

noxify commented 9 years ago

Hi,

I think the problem is the admin_asset helper, which is defined here:

vendor/Pinpong/Admin/src/Pingpong/Admin/helpers.php

We have here the following function:

if ( ! function_exists('admin_asset'))
{
    /**
     * Get admin asset url.
     * 
     * @param  string  $url
     * @param  boolean $secure
     * @return string
     */
    function admin_asset($url, $secure = false)
    {
        return asset("packages/pingpong/admin/" . $url, $secure);
    }
}

In the partials/style.blade.php view (inside the views directory of the package), we have the following:

<link href="{{ admin_asset('components/bootstrap/dist/css/bootstrap.min.css') }}" rel="stylesheet" type="text/css"/>
<link href="{{ admin_asset('components/fontawesome/css/font-awesome.min.css') }}" rel="stylesheet"
type="text/css"/>
<!-- Ionicons -->
<link href="//code.ionicframework.com/ionicons/1.5.2/css/ionicons.min.css" rel="stylesheet" type="text/css"/>
<!-- Morris chart -->
<link href="{{ admin_asset('adminlte/css/morris/morris.css') }}" rel="stylesheet" type="text/css"/>
<!-- jvectormap -->
<link href="{{ admin_asset('adminlte/css/jvectormap/jquery-jvectormap-1.2.2.css') }}" rel="stylesheet" type="text/css"/>
<!-- Date Picker -->
<link href="{{ admin_asset('adminlte/css/datepicker/datepicker3.css') }}" rel="stylesheet" type="text/css"/>
<!-- Daterange picker -->
<link href="{{ admin_asset('adminlte/css/daterangepicker/daterangepicker-bs3.css') }}" rel="stylesheet" type="text/css"/>
<!-- bootstrap wysihtml5 - text editor -->
<link href="{{ admin_asset('adminlte/css/bootstrap-wysihtml5/bootstrap3-wysihtml5.min.css') }}" rel="stylesheet" type="text/css"/>
<!-- Theme style -->
<link href="{{ admin_asset('adminlte/css/AdminLTE.css') }}" rel="stylesheet" type="text/css"/>

As we can see, there is no third argument, so the script will use the HTTP link instead of the HTTPS link.

You can overwrite the view inside the "local" views directory.

You should also check the script.blade.php :)

Hope this helps :)

Greets from Germany, Marcus

alibo commented 9 years ago

Thank you very much ;) Now I just have another problem with forms like the login form. I don't know how to change the action URL without changing the source.

I can also redirect all HTTP requests to HTTPS, but it's risky because of SSLstrip attacks.

noxify commented 9 years ago

Hi,

You can add a filter, something like this: http://stackoverflow.com/a/19968614/2769836

I have solved the problem with my own module, which overwrites the routes from the admin package.

I have copied the routes.php from the source package into my module's routes.php. If you're not using the modules package, you can try to put it into the app/routes.php.

noxify commented 9 years ago

Or, if you want the view (e.g. login.blade.php) directly, you can overwrite the package view.

http://laravel.com/docs/4.2/packages#package-views

This should help you to copy the package views without effort ;)

Hope this helps.

alibo commented 9 years ago

Thank you ;) I published the views and copied the package routes into the app/routes.php as you said. It works fine now. Thanks ;) But I had to change these methods: route() and action() to Url::to(). They don't have a $secure parameter to enable secure mode. Also, when I add 'https' to my routes, they are only redirected to https://..., but in the views they are 'http://...'. I think it's an issue for Laravel 4.2.

noxify commented 9 years ago

Hi,

thanks for your feedback.

I did not test it, but based on this answer: http://stackoverflow.com/a/19968614/2769836

You can create a new before filter, which redirects your HTTP requests to HTTPS.

Then you can use, if I'm not wrong, the route() method again.
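An added example, not part of the thread and not pingpong/admin code: a sketch of the before filter discussed above for a Laravel 4.2 app/filters.php, combined with an HSTS response header as a mitigation for the SSLstrip concern raised earlier. It assumes the Laravel 4.2 facades App, URL and Redirect and that the site is reachable over HTTPS on the same host; the one-year max-age value is an illustrative choice.

```php
<?php
// app/filters.php (Laravel 4.2) -- illustrative example, assumptions labelled.

// Make route(), action() and URL::to() generate https:// URLs when no
// explicit $secure argument is passed (assumes UrlGenerator::forceSchema,
// available in Laravel 4.x).
URL::forceSchema('https');

App::before(function ($request) {
    // Send plain-HTTP requests to the same URI over HTTPS.
    // Behind a TLS-terminating proxy or load balancer, secure() is only
    // accurate once that proxy is configured as trusted; otherwise every
    // request looks like HTTP and this redirect loops.
    if (! $request->secure()) {
        return Redirect::secure($request->getRequestUri());
    }
});

App::after(function ($request, $response) {
    // HTTP Strict Transport Security: after a browser has received this
    // header over HTTPS, it upgrades later requests to this host itself
    // and never sends the plain-HTTP request that a stripping proxy
    // would need to intercept. The very first visit is still unprotected.
    if ($request->secure()) {
        $response->headers->set(
            'Strict-Transport-Security',
            'max-age=31536000' // one year, in seconds (illustrative value)
        );
    }
});
```

A redirect alone leaves every visit starting with an interceptable HTTP request; the HSTS header is what removes that request on return visits. Setting 'secure' => true in app/config/session.php additionally keeps the session cookie off plain-HTTP connections.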

developerdino commented 9 years ago

Hi @alibo,

I see that you have implemented a workaround for your project instance, but this is still an issue in the latest version.

Could you please reopen this issue as I think there should be a proper fix for it. I might even have a go at it myself if I can find the time.