You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A HTTP connection does not become secure by setting X-Forwarded-Proto header. It is still an unencrypted connection. If you are using proxy or load balancer you can set the secure config parameter to false to get rid of the error.
Another option would be to use an additional middleware which sets the request method in the request object according to X-Forwarded-Proto (if you trust the header of course).
Hi,
Getting this error message over an HTTPS connection for a server hosted on Heroku:
FYI, in local development (over HTTPS, with a self-encrypted certificate), I get these key/pairs in
$_SERVER
:Whereas on Heroku there's no such line, but, instead:
This is typical for hosting behind a proxy or load balance. See X-Forwarded-Proto.
Here's the workaround I'm using:
I guess tuupola/slim-basic-auth could check for these values as well when trying to determine if a connection is secure.
The text was updated successfully, but these errors were encountered: