framework: Invalid Signature - Email Verification - HTTPS

  • Laravel Version: 5.8.14
  • PHP Version: 7.3.4
  • Database Driver & Version: mysql 5.7

Description:

When using HTTPS, the email validation link gets invalid and returns an HTTP Error with 403 Invalid signature.. When using HTTP, everything works fine (but insecure).

PS: After enabling HTTPS every link uses HTTPS (also the one in the email).

Steps To Reproduce:

  1. Edit the file app/Providers/AppServiceProvider.php and add the following lines of code in the method boot:
if(env('FORCE_HTTPS')) {
    URL::forceScheme('https');
}
  1. Set the environment variable FORCE_HTTPS to true.
  2. Run php artisan config:cache if the changes haven’t been applied.

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 19 (1 by maintainers)

Most upvoted comments

I had a similar problem - it can be solved very easy if you use the TrustedProxy Middleware.

  1. Add \URL::forceScheme(‘https’); to the boot method in AppServiceProvider.php

     if($this->app->environment('production'))
 {
     \URL::forceScheme('https');
 }

  2. Allow all like below or configure proxies as explained in the docs: https://laravel.com/docs/5.8/requests#configuring-trusted-proxies

    <?php

namespace App\Http\Middleware;

use Illuminate\Http\Request;
use Fideloper\Proxy\TrustProxies as Middleware;

class TrustProxies extends Middleware
{
   /**
   * The trusted proxies for this application.
   *
   * @var array|string
   */
   protected $proxies = '*';

   /**
   * The headers that should be used to detect proxies.
   *
   * @var int
   */
   protected $headers = Request::HEADER_X_FORWARDED_ALL;
}
+47
papamarfo on Jul 12, 2019

I had a similar problem - it can be solved very easy if you use the TrustedProxy Middleware.

  1. Add \URL::forceScheme(‘https’); to the boot method in AppServiceProvider.php
     if($this->app->environment('production'))
 {
     \URL::forceScheme('https');
 }
  2. Allow all like below or configure proxies as explained in the docs: https://laravel.com/docs/5.8/requests#configuring-trusted-proxies
    <?php

namespace App\Http\Middleware;

use Illuminate\Http\Request;
use Fideloper\Proxy\TrustProxies as Middleware;

class TrustProxies extends Middleware
{
   /**
   * The trusted proxies for this application.
   *
   * @var array|string
   */
   protected $proxies = '*';

   /**
   * The headers that should be used to detect proxies.
   *
   * @var int
   */
   protected $headers = Request::HEADER_X_FORWARDED_ALL;
}

Thanks man it works.

+13
za2n456 on May 15, 2020

In my case, it was the misconfiguration in NGINX

 location / {
    try_files $uri $uri/ /index.php?$query_string;
}

the $query_string was missing.

+6
narektutikian on Mar 27, 2020

403 | INVALID SIGNATURE Solve the problem

first go to path, app->Http->Middleware->TrustProxies.php

change this code…

class TrustProxies extends Middleware
{
    protected $proxies = '*';

    protected $headers = Request::HEADER_X_FORWARDED_FOR | Request::HEADER_X_FORWARDED_HOST | Request::HEADER_X_FORWARDED_PORT | Request::HEADER_X_FORWARDED_PROTO;
}
+3
shashikanuwan on May 9, 2021

I had a similar problem - it can be solved very easy if you use the TrustedProxy Middleware.

  1. Add \URL::forceScheme(‘https’); to the boot method in AppServiceProvider.php
     if($this->app->environment('production'))
 {
     \URL::forceScheme('https');
 }
  2. Allow all like below or configure proxies as explained in the docs: https://laravel.com/docs/5.8/requests#configuring-trusted-proxies
    <?php

namespace App\Http\Middleware;

use Illuminate\Http\Request;
use Fideloper\Proxy\TrustProxies as Middleware;

class TrustProxies extends Middleware
{
   /**
   * The trusted proxies for this application.
   *
   * @var array|string
   */
   protected $proxies = '*';

   /**
   * The headers that should be used to detect proxies.
   *
   * @var int
   */
   protected $headers = Request::HEADER_X_FORWARDED_ALL;
}

Thanks man it works.

yes, it works 😃

+3
supankar on Jan 4, 2021

I had a similar problem - it can be solved very easy if you use the TrustedProxy Middleware.

  1. Add \URL::forceScheme(‘https’); to the boot method in AppServiceProvider.php
     if($this->app->environment('production'))
 {
     \URL::forceScheme('https');
 }
  2. Allow all like below or configure proxies as explained in the docs: https://laravel.com/docs/5.8/requests#configuring-trusted-proxies
    <?php

namespace App\Http\Middleware;

use Illuminate\Http\Request;
use Fideloper\Proxy\TrustProxies as Middleware;

class TrustProxies extends Middleware
{
   /**
   * The trusted proxies for this application.
   *
   * @var array|string
   */
   protected $proxies = '*';

   /**
   * The headers that should be used to detect proxies.
   *
   * @var int
   */
   protected $headers = Request::HEADER_X_FORWARDED_ALL;
}

Thanks man it works.

Also works for me!!

+1
thecyrilcril on Jan 5, 2022

If you use Nginx to web server, you must add following configuration to .conf file:

   location / {
         # remove it: try_files $uri $uri/ /index.php?q=$uri&$args;
         # replace this:
         try_files $uri $uri/ /index.php?$query_string;
   }
+1
soroushoracle on May 26, 2021
Read more comments on GitHub
← framework: Invalid default value for 'created_at'
framework: Job chaining does not allow constructor arguments on first job in chain →