force https in beginpaymentform when using invoicing payment method

Go to solution

Press Ctrl / CMD + C to copy this to your clipboard.

Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

Tomasz Kowalski 135 posts 445 karma points

Nov 04, 2022 @ 12:47

0

Force HTTPS in BeginPaymentForm when using Invoicing payment method

Hi,

Vi have a customer that runs all their websites with "proxy" HTTPS. Actually I don't know, if it is the correct name, but thing is, that ther are only HTTP bindings in IIS and HTTPS is "added" on-the-fly.

The problem is that Umbraco thinks that it runs on HTTP and all URLs which are not relative, uses HTTP. That means, that even though site shows HTTPS in adress bar, url in the form action is with "http". And the webbrowser complains about sending data through unsafe connection.

It works fine with external payment providers. The problem is only with Invoicing payment method.

Is there anything I can do to force HTTPS on the action URL?

I'm using Umbraco 10.3.2 and Vendr 3.0.3

Kind regards

Tomasz

Copy Link
Matt Brailsford 4125 posts 22222 karma points MVP 9x c-trib

Nov 04, 2022 @ 13:56

0

Hi Thomasz,

If you are using proxies like this you need to ensure the X-Forwarded-Proto and X-Forwarded-Host headers are set. With both these set to whatever your proxy is using Vendr will use those when generating payment provider URLs

Copy Link
Tomasz Kowalski 135 posts 445 karma points

Nov 07, 2022 @ 09:45

0

Hi Matt,

It doesn't really help :( I've added these to headers, but payment form's action still uses http.

Unless I'm doing something wrong...

I'll try to dig in it by my self, but any ideas are appreciated :)

Kind regards

Tomasz

Copy Link

Matt Brailsford 4125 posts 22222 karma points MVP 9x c-trib

Nov 07, 2022 @ 10:09

Hmm, that should work then as far as I can tell.

If it helps, this is the code we use to get the base URL for the payment provider URLs

var request = _httpContextAccessor.HttpContext.Request;

var xForwardedProto = true;
var xForwardedHost = true;

string scheme = request.Headers["X-Forwarded-Proto"];
if (scheme.IsNullOrWhiteSpace())
{
    scheme = request.GetScheme();
    xForwardedProto = false;
}

string host = request.Headers["X-Original-Host"];
if (host.IsNullOrWhiteSpace())
{
    host = request.Headers["X-Forwarded-Host"];
    if (host.IsNullOrWhiteSpace())
    {
        host = request.GetHost();
        xForwardedHost = false;
    }
}

int port = int.Parse("0" + request.Headers["X-Forwarded-Port"]);
if (port == 0)
{
    string cfVisitor = request.Headers["CF-Visitor"];
    if (!cfVisitor.IsNullOrWhiteSpace())
    {
        port = cfVisitor.InvariantContains("https") ? 443 : 80;
    }
    else
    {
        port = xForwardedHost
            ? xForwardedProto
                ? scheme.InvariantEquals("https") ? 443 : 80
                : 80
            : request.GetPort();
    }
}

var baseUrl = new UriBuilder(scheme, host, port).Uri;

Maybe if you run that on a request with your headers set you can see where it's getting routed and if something is getting missed?

Copy Link

Matt Brailsford 4125 posts 22222 karma points MVP 9x c-trib

Nov 08, 2022 @ 09:11

100

Actually, i've just realized, the support for X-Forwarded-Host was only recently added and isn't yet deployed so I think you'd need to have X-Original-Host set instead

Copy Link
Tomasz Kowalski 135 posts 445 karma points

Nov 21, 2022 @ 10:42

1

Hi again,

It took the time to communicate with the customer, and set both headers to correct values, but it works perfect now.

Thank you for assistance! 5hyr! :)

Kind regards

Tomasz

Copy Link
is working on a reply...

Please Sign in or register to post replies

Flag this post as spam?