Thursday, December 24, 2015

How to force DebugKit to use HTTPS for its requests?

Apps running on Heroku can be requested via HTTPS even though the app and Web server don't know anything about it. Apps behind CloudFlare have a similar option.

In this environment, DebugKit may be blocked as "mixed content" because the request for it happens via HTTP. My browser (Firefox 43) says this:

Blocked loading mixed active content "http://myappname.herokuapp.com/debug_kit/toolbar/27dac57d-6616-4450-8926-ee75512bde70"      toolbar.js:53:2

What would be the preferred method of forcing DebugKit to use HTTPS in its base URL? When I look at the page source, I find this element:

<script id="__debug_kit" data-id="927dac57d-6616-4450-8926-ee75512bde70" data-url="http://myappname.herokuapp.com/" src="/debug_kit/js/toolbar.js"></script>

It seems I either need to force the protocol in the "data-url" attribute, or else configure it to ignore the base URL and to try loading the path from "src" relative to the browser's notion of the base URL.

--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP

---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscribe@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at https://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/d/optout.

No comments: