Search code examples
laravelvue.jshttpsslsignature

How to successfully verify emails in Laravel 10 + Vue 3?

My app is using Laravel 10 + Vue 3.

It's running in a Web App on the server, that itself has a HTTP URL. But the hosting provider's support tells me that any request is made over HTTPS, because I have a SSL certificate installed and a Force HTTPS setting turned on.

The domain has a https:// URL.

My APP_URL has an https:// domain.

My AppServiceProvider has URL::forceScheme('https'); in boot(). Which makes the assets correctly load through HTTPS.

I am trying to set up email verification.

I create the verification URL this way:

$verificationUrl = URL::temporarySignedRoute(
    'verification_route', now()->addMinutes(30), ['id' => $user->id], true
);

If I check it immediately using:

$request = Request::create($verificationUrl);
$isValid = $request->hasValidSignature();

$isValid will be true;

If I copy that HTTPS URL and paste it in a new tab, however, I will get a 403 Invalid Signature error.

If I log the request like this Log::info($request->fullUrl());, right after the URL was generated, I get the HTTPS URL, but, right before it gets verified, I get a HTTP version of the URL, even though the URL I pasted is HTTPS.

That would never happen with a normal Laravel installation. Here it's Laravel + Jetstream + Inertia, and if the issue isn't the initial HTTP protocol of the Web App set up in the hosting account's control panel, then there is something somewhere in the installation, that is boilerplate, changing HTTPS requests into HTTP.

I have tried this as well in the routes:

Route::group(['scheme' => 'https'], function() {
  //relevant routes
});

And then it's like these routes don't exist at all.

Does anybody know what could cause a HTTPS URL request to be seen by the app as a HTTP request, making any signature verification impossible unless I disabled SSL and HTTPS entirely?

Edit recommended by StackOverflow: my question is different from this one because all my routes are already HTTPS.

Solution

  • The issue was solved by:

    1. creating this variable in .env with the IP address of the server:
    TRUSTED_PROXY_IP=XXX.X.XXX.XX
    1. adding this line into config/app.php:
    'trusted_proxies' => env('TRUSTED_PROXY_IP', '127.0.0.1'),
    1. adding this to the TrustProxies middleware:
    public function __construct()
{
  $this->proxies = [
    '127.0.0.1',
    config('app.trusted_proxies'),
  ];
}