I have a Laravel app running on Fortrabbit. All it's routes are an API (except for /). The frontend talks to the backend via the API. The frontend is served via https, as are all the routes.
Everything works via https: the assets, the API calls. All except for one route that redirects it's requests to http. It's a search function so at first I thought it might be the client-side library I'm using for the search but if I copy the XHR request as CURL and fire it from my terminal, I also get the redirect:
Request:
curl 'https://theapp/?search=mak' -H 'Accept: application/json, text/plain, */*' -H 'Referer: https://theapp/' -H 'X-XSRF-TOKEN: the-token -H 'X-Requested-With: XMLHttpRequest'
Response:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://theapp?search=mak">here</a>.</p>
<hr>
<address>Apache/2.4.25 (Ubuntu) Server at theapp Port 80</address>
</body></html>
I'm not a Laravel pro but I can't see or find anything that would cause that behaviour, whether in the configs or .htaccess. The APP_URL is set to the https URL as well.
Like I said there are several other GET routes in the app that do not redirect.
I contacted the Fortrabbit team but they insist they aren't redirecting anything to http. I don't see anything in the logs either, other than the request.
Does anyone have an idea what could be causing this?
One thing I notice is that the new URL in the redirect is missing the / after theapp. Perhaps this was just an error when you made it anonymous.
I suggest examining logs to see where this is being generated. For mod_rewrite add LogLevel rewrite:trace3 to your main config and review the error log. If it's being done by mod_alias then that will appear in the usual Apache access logs as a 301.