search

spatie / laravel-web-tinker

Tinker in your browser
https://spatie.be/open-source
MIT License
1.05k stars 68 forks source link

how to fixed this " insecure XMLHttpRequest"? #84

Closed liangguohuan closed 3 years ago

liangguohuan commented 3 years ago

Mixed Content: The page at 'xxx' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint

fh32000 commented 1 year ago

I faced the same problem when using this package in production.

app.js?id=54675ea5df087610508e:1 Mixed Content: The page at 'https://my-site/tinker' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://my-site/tinker'. This request has been blocked; the content must be served over HTTPS.

I found that the code causing the problem is:

public function index()
{
return view('web-tinker::web-tinker', [
'path' => app(UrlGenerator::class)->to(config('web-tinker.path')),
]);
}

Then I changed it to:

public function index()
{
return view('web-tinker::web-tinker', [
'path' => "https://my-site/tinker",
]);
}

Is there any other way to solve this problem? Thank you.

fh32000 commented 1 year ago

I solved the problem by installing SSL on cPanel. The steps are available in this video. Sorry for the inconvenience.

I suggest adding an easy way from the config to set full path.

<?php

use Spatie\WebTinker\OutputModifiers\PrefixDateTime;

return [

    /*
     * The web tinker page will be available on this path.
     */
  //  'path' => '/tinker',

       /*
     * The web tinker page will be available on this path.
     */
    'full_path' => 'https://my-site/tinker',

    /*
     * Possible values are 'auto', 'light' and 'dark'.
     */
    'theme' => 'dark',

    /*
     * By default this package will only run in local development.
     * Do not change this, unless you know what you are doing.
     */
    'enabled' => true,

    /*
    * This class can modify the output returned by Tinker. You can replace this with
    * any class that implements \Spatie\WebTinker\OutputModifiers\OutputModifier.
    */
    'output_modifier' => PrefixDateTime::class,

    /*
    * These middleware will be assigned to every WebTinker route, giving you the chance
    * to add your own middlewares to this list or change any of the existing middleware.
    */
    'middleware' => ['auth.very_basic'],

    /*
     * If you want to fine-tune PsySH configuration specify
     * configuration file name, relative to the root of your
     * application directory.
     */
    'config_file' => env('PSYSH_CONFIG', null),
];