I have an issue related to HTTPS redirection in CakePHP 4.

I configured HttpsEnforcerMiddleware, but it does not redirect to HTTPS. It shows an error related to the FormProtection component for all HTTP requests.

File src/Application.php:

    public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue
    {
        $middlewareQueue
            // Catch any exceptions in the lower layers,
            // and make an error page/response
            ->add(new ErrorHandlerMiddleware(Configure::read('Error')))

            // Handle plugin/theme assets like CakePHP normally does.
            ->add(new AssetMiddleware([
                'cacheTime' => Configure::read('Asset.cacheTime'),
            ]))

            // Add routing middleware.
            // If you have a large number of routes connected, turning on routes
            // caching in production could improve performance. For that when
            // creating the middleware instance specify the cache config name by
            // using its second constructor argument:
            // `new RoutingMiddleware($this, '_cake_routes_')`
            ->add(new RoutingMiddleware($this))
            // Parse various types of encoded request bodies so that they are
            // available as array through $request->getData()
            // https://book.cakephp.org/4/en/controllers/middleware.html#body-parser-middleware
            ->add(new HttpsEnforcerMiddleware([
                'HttpsEnforcerMiddleware' => true,
                'headers' => ['X-Https-Upgrade' => true],
                'statusCode' => 302,
            ]))
            ->add(new BodyParserMiddleware());

        return $middlewareQueue;
    }

Error log:

    2020-05-06 20:04:44 Error: [Cake\Http\Exception\BadRequestException] Bad Request in xxxxxxx/vendor/cakephp/cakephp/src/Controller/Component/FormProtectionComponent.php on line 141
    Stack Trace:
    - xxxxxxx/vendor/cakephp/cakephp/src/Controller/Component/FormProtectionComponent.php:95
    - xxxxxxx/vendor/cakephp/cakephp/src/Event/EventManager.php:309
    - xxxxxxx/vendor/cakephp/cakephp/src/Event/EventManager.php:286
    - xxxxxxx/vendor/cakephp/cakephp/src/Event/EventDispatcherTrait.php:92
    - xxxxxxx/vendor/cakephp/cakephp/src/Controller/Controller.php:569
    - xxxxxxx/vendor/cakephp/cakephp/src/Controller/ControllerFactory.php:72
    - xxxxxxx/vendor/cakephp/cakephp/src/Http/BaseApplication.php:229
    - xxxxxxx/vendor/cakephp/cakephp/src/Http/Runner.php:77
    - xxxxxxx/vendor/cakephp/cakephp/src/Http/Middleware/BodyParserMiddleware.php:164
    - xxxxxxx/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - xxxxxxx/vendor/cakephp/cakephp/src/Http/Middleware/HttpsEnforcerMiddleware.php:81
    - xxxxxxx/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - xxxxxxx/vendor/cakephp/cakephp/src/Http/Runner.php:77
    - xxxxxxx/vendor/cakephp/cakephp/src/Http/Middleware/CsrfProtectionMiddleware.php:137
    - xxxxxxx/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - xxxxxxx/vendor/cakephp/cakephp/src/Http/Runner.php:58
    - xxxxxxx/vendor/cakephp/cakephp/src/Routing/Middleware/RoutingMiddleware.php:162
    - xxxxxxx/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - xxxxxxx/vendor/cakephp/cakephp/src/Routing/Middleware/AssetMiddleware.php:68
    - xxxxxxx/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - xxxxxxx/vendor/cakephp/cakephp/src/Error/Middleware/ErrorHandlerMiddleware.php:119
    - xxxxxxx/vendor/cakephp/cakephp/src/Http/Runner.php:73
    - xxxxxxx/vendor/cakephp/cakephp/src/Http/Runner.php:58
    - xxxxxxx/vendor/cakephp/cakephp/src/Http/Server.php:90
    - xxxxxxx/webroot/index.php:40

Stack trace updated (version 2)

devlogi
  • @ndm any idea? – devlogi May 06 '20 at 15:34
  • Any way you can provide more of the stack trace? This shows that CSRF and Body Parser middleware are being used, but your code doesn't make mention of CSRF. Might be instructive to know what else is in the call stack. – Greg Schmidt May 06 '20 at 16:48
  • Thank you for your reply, @GregSchmidt. I use AuthComponent. I disabled the Security component because it causes issues with FormProtection, and I used HttpsEnforcerMiddleware. I think that CSRF is enabled by default. – devlogi May 06 '20 at 17:06
  • It's still useful to be able to see more of the call stack, to ensure that it lines up with what we would expect. In particular, the HttpsEnforcerMiddleware is not shown in the stack at all. If that's because it's off the bottom, that's one thing; if it's because it's not in there at all, that's something entirely different. Help us to help you, don't make us guess. Most people won't bother. – Greg Schmidt May 06 '20 at 17:22
  • @GregSchmidt, it's strange, I don't see any error related to HttpsEnforcerMiddleware. The stack trace is the same. I checked the error.log and there is nothing related to HttpsEnforcerMiddleware. Maybe I did something wrong in the HttpsEnforcerMiddleware configuration. – devlogi May 06 '20 at 17:28
  • The stack trace you've shown is most certainly not the whole stack trace. Seeing all of it would help. – Greg Schmidt May 06 '20 at 17:42
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/213270/discussion-between-devlogi-and-greg-schmidt). – devlogi May 06 '20 at 19:47
