0

I am facing one issue on my CakePHP project. I have SSL installed into my project and it was working properly earlier. But the problem started with all the forms after google chrome upgraded to 86 stable. It is started giving insecured warning message while submitting any form even for login form. This is happening in google chrome only.

I had done some research on this and saw updated google chrome browser added another layer of security for users. And then I did some research on solving the issue and the only thing I got it to add <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> into my website header. I did this but still the result is same. I also got some suggestion to check mixed content issue aslo need to check if anything loaded over http. I had checked and there is noting loading from http.

Another thing is, my website is running from https://www and while insecure warning is showing the url become http://www

Salines
  • 5,674
  • 3
  • 25
  • 50
Fokrule
  • 844
  • 2
  • 11
  • 30

2 Answers2

0

Try to force https @ .htaccess like

RewriteEngine On 
RewriteCond %{HTTPS} off 
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Or create Middleware to handle request (if host === 'http', redirect to https)

Salines
  • 5,674
  • 3
  • 25
  • 50
0

Use absolute path.

https://something.com/foo

Something similar was posted here https://bugs.chromium.org/p/chromium/issues/detail?id=1158169#c23

Try:

$this->redirect("/action/dosomething");
↓
$this->redirect("//" . $_SERVER["HTTP_HOST"] . "/action/dosomething");
Jaro F.
  • 24
  • 1