Admin api requests blocked for mixed-content
This is an odd one and happening in a single environment (which unfortunately is production) . I know the issue is me, but I can't seem to see what is wrong.
All api requests made by the twill admin are being made using
http instead of https and the browser is blocking the call for mixed-content.
For example, if you open the media library, a request is being made to http://productiondomain.com/admin/media-library/medias?page=1&type=image and the request gets blocked because the current page was loaded over https and it looks sus.
This is only happening in my production environment. I also have a testing and staging environment which do not exhibit the behaviour. Environments are the same save for domains and databases.
I am not exactly sure when this started to happen as we don't make daily changes to content and all the existing models/blocks run fine.
- It's only api calls in the twill admin for 1 environment that are affected.
- All other front end js, react components and Fetch/XHR requests work
- We have re-built the production environment three times.
- Checked, edited ADMIN_APP_URL & ADMIN_APP_STRICT
- cleared every cache, optimized, flushed and begged2 Replies
Hi @kerkness, is TLS terminated before reaching the machine? If so, did you configure Laravel TrustProxies middleware accordingly?
protected $proxies = '*'; would be the first thing to tryThanks @ifox. That seems to have done the trick. I've never had to do anything with TrustProxies before so appreciate the tip.
We were messing around with our load balancer monitoring and health reporting earlier in the week so maybe something changed in how it's balancing the load.
We were messing around with our load balancer monitoring and health reporting earlier in the week so maybe something changed in how it's balancing the load.