'The information you’re about to submit is not secure'
I have a very simple fastAPI page that I just began hosting through github on railway. It has a text file upload form. When the form is submitted, the page shows:
The information you’re about to submit is not secure
Because this form is being submitted using a connection that’s not secure, your information will be visible to others.
I can click 'send anyway' and the site continues as intended, I just don't want that message popping up for users. I have cleared cache, and tried on other devices.
15 Replies
Project ID:
76839ba3-823f-432f-8aa5-804dc9bf80d776839ba3-823f-432f-8aa5-804dc9bf80d7
here is the site: https://fastapi-production-23e9.up.railway.app/
your flask server is sending a 307 redirect response back on that post request, to the same url but unsecure
yeah, I tried fixing that by explicitly stating https in the form submit: <form action="https://fastapi-production-23e9.up.railway.app/uploadfile" method="post" enctype="multipart/form-data" id="uploadForm">
But still get the redirect to http
that wouldnt fix it, this is the flask server thats sending the redirect response
if you have some type of middleware that makes sure incoming requests are performed with https, you can either trust the proxy headers or remove it since you just cant use http on railway anyway
ok thanks. Let me check the middleware. Sorry if I have stupid questions, kinda new to this
no worries at all
I added this to the fastapi backend:
app.add_middleware(TrustedHostMiddleware, allowed_hosts=["*"], allow_any=True)
app.add_middleware(HTTPSRedirectMiddleware)
Not sure if this is the correct approach but the app is just not working at all now haha
'This page isn’t workingfastapi-production-23e9.up.railway.app is currently unable to handle this request.'
i did say you can remove the https redirect middleware and you then added it lol
haha my bad. I thought I needed that. I didn't have any middleware setup previously. Can you tell me if my undertsanding is correct: When the app gets a request to the upload endpoint, it is being redirected via http which is insecure. So I need to make sure it is not redirecting to http??
correct, somewhere in your code there is something that is trying to redirect the incoming request to http
got it working. Changed the endpoint from /upload_file to /upload_file/. Really don't know how I would've figured that out besides dumb luck.
Thanks for your help and patience
no problem!