Force HTTPS in BeginPaymentForm when using Invoicing payment method
Hi,
Vi have a customer that runs all their websites with "proxy" HTTPS.
Actually I don't know, if it is the correct name, but thing is, that ther are only HTTP bindings in IIS and HTTPS is "added" on-the-fly.
The problem is that Umbraco thinks that it runs on HTTP and all URLs which are not relative, uses HTTP. That means, that even though site shows HTTPS in adress bar, url in the form action is with "http". And the webbrowser complains about sending data through unsafe connection.
It works fine with external payment providers. The problem is only with Invoicing payment method.
Is there anything I can do to force HTTPS on the action URL?
If you are using proxies like this you need to ensure the X-Forwarded-Proto and X-Forwarded-Host headers are set. With both these set to whatever your proxy is using Vendr will use those when generating payment provider URLs
Actually, i've just realized, the support for X-Forwarded-Host was only recently added and isn't yet deployed so I think you'd need to have X-Original-Host set instead
Force HTTPS in BeginPaymentForm when using Invoicing payment method
Hi,
Vi have a customer that runs all their websites with "proxy" HTTPS. Actually I don't know, if it is the correct name, but thing is, that ther are only HTTP bindings in IIS and HTTPS is "added" on-the-fly.
The problem is that Umbraco thinks that it runs on HTTP and all URLs which are not relative, uses HTTP. That means, that even though site shows HTTPS in adress bar, url in the form action is with "http". And the webbrowser complains about sending data through unsafe connection.
It works fine with external payment providers. The problem is only with Invoicing payment method.
Is there anything I can do to force HTTPS on the action URL?
I'm using Umbraco 10.3.2 and Vendr 3.0.3
Kind regards
Tomasz
Hi Thomasz,
If you are using proxies like this you need to ensure the
X-Forwarded-Proto
andX-Forwarded-Host
headers are set. With both these set to whatever your proxy is using Vendr will use those when generating payment provider URLsHi Matt,
It doesn't really help :( I've added these to headers, but payment form's action still uses http.
Unless I'm doing something wrong...
I'll try to dig in it by my self, but any ideas are appreciated :)
Kind regards
Tomasz
Hmm, that should work then as far as I can tell.
If it helps, this is the code we use to get the base URL for the payment provider URLs
Maybe if you run that on a request with your headers set you can see where it's getting routed and if something is getting missed?
Actually, i've just realized, the support for
X-Forwarded-Host
was only recently added and isn't yet deployed so I think you'd need to haveX-Original-Host
set insteadHi again,
It took the time to communicate with the customer, and set both headers to correct values, but it works perfect now.
Thank you for assistance! 5hyr! :)
Kind regards
Tomasz
is working on a reply...