Search code examples
laravelngrok

ngrok not working correctly to test HTTPs

I downloaded ngrok so i can test my site for http and https requests (if someone is trying to get in my site specific url and it will be a simple http request, i will deny it),

first, my localhost is working in 8080 port

I start ngrok, it gives me the following:

enter image description here

both at the same port, it's a problem i think, because if i do such simple route configuration in laravel:

Route::filter('force.ssl', function()
{
    if( ! Request::secure())
    {
        return 'unsecured';
    }

});

and i have this route:

Route::get('survey/payment/secured', array('before' => 'force.ssl', function(){
   return 'secured!';
}));

and i do the following request:

https://75fdaa96.ngrok.com/survey/payment/secured

it thinks it unsecured and returns 'unsecured', how can i fix this?

Solution

  • Request::secure() relies on $_SERVER['HTTPS']. As the HTTPS is being provided by the proxy, not your webserver, Laravel doesn't know it's being served as HTTPS.

    ngrok does pass the X-Forwarded-Proto header, but Laravel doesn't trust it by default. You can use the trusted proxy middleware to trust it.