redirect_uri points to http instead of https
dlednik opened this issue · 8 comments
Is there a way to force this?
I have a site and it tries to redirect to http://domain instead of https://domain
Why don't you initiate the login from a https page? The redirect uri will then have https.
The login is on https page
Then the redirect uri generated should have https too.
For exactly which URL you are having problem? The redirection URL after auth is completed on provider's site?
Don't want to publish URL here. Can you send me an email pls. and I'll share the live site with you that is giving me problems. Tried to look through the source code of both plugins but I could not find anything weird so far.
Sorry I can't provide support via email.
If you have set the loginUrl
as string make sure it's full URL starting with https. If it's an array and current URL has https the loginUrl
generated would have https too.
Only other URL the plugin sets is redirect_uri
for social auth which would also have https based on current URL:
cakephp-social-auth/src/Middleware/SocialAuthMiddleware.php
Lines 460 to 464 in f92ac62
You'll need to debug yourself and find out how / where URL without https is used.
This seems like a user error. I cannot reproduce with GitHub login and normal setup.
One can also explicitly set _ssl
true in the redirect url array.