0

I am hosting a website at https://website.com When a user logs in, there are many network calls using javascript (VueJS/axios) to get their data. That network calls all use the path https://website.com/api/{path}.

In the network tab on the browsers (Chrome and Safari), the network calls are actually being sent to http://website.com/api/{path} and I don't know why. My http -> https then kicks in and redirects (301). When the redirect happens, the authorization header is lost and the network calls fail (unauthenticated).

I think this likely has to do with my AWS configuration. I am hosting the site using EC2. I use the typical elastic load balancer http -> https redirection. So the server itself is hosted on port 80 but the load balancer is terminating at 443. The load balancer port 80 redirects to port 443.

Any advice would be amazing. I've been stumped on this for days. Chrome is smart enough to keep the Authorization headers (but still 301 redirect). Safari requests completely fail.

This is a PHP Laravel application

Improve this question

1 Answer 1

Reset to default
1

If you are terminating your HTTPS on your load balancer (443) and forwarding to your server on http (80) you may need to look into trusted proxies and make sure your app is configured properly.

Otherwise the app will be confused and think you are on http all the time.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .