On my Laravel 7 website I have Desktop and Mobile versions. The server is running Apache, proxied by Cloudflare (Flexible SSL/TLS) with forced HTTPS enabled.
In the Desktop version, authentication is done in the standard way through the <form>, and it works as it should, although it gives a [Deprecation] Synchronous XMLHttpRequest warning.
In the Mobile version, authentication is performed via an AJAX request. Authentication is performed on click, but the request itself returns with a Mixed Content response, so the .done() function doesn't run. There are also several non-auth AJAX functions, which work flawlessly. Also, using <form> for auth makes it work, but I'd prefer to keep going with AJAX.
So, my guess is that something in the Login Controller is causing the problem, but I can't find out what exactly.
Request (CSRF token is set):
    $.ajax({
        url: '/login',
        type: "POST",
        data: {
            email: $('input[name="login"]').val(),
            password: $('input[name="password"]').val(),
        }
    }).fail(function (xhr) {
        $('.alert-text').html('Wrong E-Mail or password');
    }).done(function (msg) {
        //
    });
Login Controller:
    protected function authenticated()
    {
        if (auth()->user()->active) {
            return redirect()->secure(Session::get('current_page'));
        } else {
            auth()->logout();
            return view('inactive_account');
        }
    }
Also, exactly the same thing happens on logout.
I have tried commenting out return redirect in the controller; it didn't help.
For those who encounter this: the problem was in the SSL certificates.
I had a self-signed one from Cloudflare, but none on the server itself, so the server was returning an unsafe response all the time. So, to fix this, you need to obtain an LE certificate on the server and set Cloudflare SSL/TLS Encryption to Full.
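
Added example, not part of the original post: a small check that walks a response chain (as copied from the browser's Network tab or from response headers) and reports the first hop where a request made from an HTTPS page is pointed at an http: URL, which is the condition browsers report as Mixed Content. The host name, paths and hop data are constructed placeholders, and findDowngrade is a hypothetical helper name.

```javascript
'use strict';

// Constructed sample: the page is served over HTTPS, the login POST answers
// with a redirect whose absolute Location uses plain http:.
const SAMPLE_PAGE = 'https://example.test/m/login';
const SAMPLE_HOPS = [
  { url: '/login', status: 302, location: 'http://example.test/home' },
];

// Walk the hops in order and return the first one that would send an XHR
// issued by a secure page to an insecure URL, or null if none does.
// Simplification: ignores the browser exception for localhost origins.
function findDowngrade(pageUrl, hops) {
  if (new URL(pageUrl).protocol !== 'https:') {
    return null; // mixed-content blocking only applies to secure pages
  }
  for (let i = 0; i < hops.length; i++) {
    const hop = hops[i];
    // Relative request URLs inherit the page's scheme and host.
    const target = new URL(hop.url, pageUrl);
    if (target.protocol === 'http:') {
      return { index: i, url: target.href, reason: 'request URL is http:' };
    }
    const isRedirect = hop.status >= 300 && hop.status < 400 && hop.location;
    if (isRedirect) {
      // A Location header is resolved against the URL that returned it, so
      // "/home" and "//host/home" stay on https:, "http://..." does not.
      const next = new URL(hop.location, target);
      if (next.protocol === 'http:') {
        return { index: i, url: next.href, reason: 'redirect Location is http:' };
      }
    }
  }
  return null;
}

console.log(findDowngrade(SAMPLE_PAGE, SAMPLE_HOPS));
```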