1

This is related to this question. I found that when I checked my HTTPRequest on my YII that Yii::app()->request uses either file_get_contents('php://input') or $HTTP_RAW_POST_DATA to get the request from the front-end. This mechanism works when SSL is disabled yet when enabled, the post data disappears. I saw a similar question but there has been no concrete solution though there is an answer that discourages that use of a 302 redirect when forcing http to https. I need this mechanism on my api server to redirect http to https. How can I allow the redirection of http to https without losing post data? My nginx config is found on this link.

I hope this gets resolved once and for all because I've spent more than a week stuck on this problem.

The Bassman
  • 2,241
  • 5
  • 26
  • 38
  • 1
    The solution is to NOT redirect HTTP to HTTPS. Why send the user to HTTP if you want them to go to HTTPS? – AbraCadaver Feb 21 '19 at 17:02
  • You cannot redirect with data in the body. The body data will be lost. Usually when dealing with this on a web-app we do JavaScript trickery to force the browser to resubmit the body instead of sending a redirect response however since this is an API you can't do this.The solution is to stop forcing a redirect on API routes and ask your API consumers to switch to HTTPS and accept that ones that don't switch will not be secured. – apokryfos Feb 25 '19 at 19:45

1 Answers1

0

If you want to redirect http to https, you have to update your nginx conf file.

Nginx should listen to http :

    server {
            listen          80;
            server_name     api.test.com;
            return 301 https://api.test.com$request_uri;
    }

    server {
            listen          443 ssl http2;
            server_name     api.test.com;

            root /var/apps/myapp/current/workspace/api;
            ...

The http2 is optional

Patrice Flao
  • 491
  • 5
  • 18