Laravel 5.7 signed route returns 403 invalid signature

php laravel url signature
NaturalDevCR picture NaturalDevCR · Dec 22, 2018 · Viewed 16.7k times · Source

I'm trying to take advantage of the new signed middleware in Laravel 5.7, but for some reason the generated signed URL is returning 403 Invalid Signature.

I'm using the latest Laravel Version, with PHP 7.2

This is my web.php route: 

Route::get('/report/{user}/{client}', function ($user, $client) {
    return ("El usuario es: $user y el cliente es: $client");
})->name('report.client')->middleware('signed');

and this is in my controller:

$objDemo->tempURL = Url::temporarySignedRoute('report.client', now('America/Panama')->addDays(5), [
            'user' => 1,
            'client' => 1
        ]);

The URL is generated and shows something like this:

https://example.com/report/1/1?expires=1545440368&signature=55ad67fa049a74fe8e123c664e50f53564b76154e2dd805c5927125f63c390a1

But when i click the link the result is a 403 with the message: "Invalid signature"

Any ideas? thanks in advance

-----------UPDATE------------

Things i've done already:

  1. Try the route without signing, and works perfectly
  2. Try the route without parameters and only signing
  3. Try the route without temporary setting and only signing
  4. Set cloudflare's ip to trusted proxies
  5. Disable HTTPS, Enable HTTPS

Nothing seems to work, always getting the 403 invalid signature page

-----------UPDATE 2------------

Ok, so after some digging and testing, i found out that laravel signed routes won't work if the user is logged in, this is weird, if i logout then the route works perfectly, but if i log-in then it shows the 403 error, might this be because Laravel adds the session cookie header after everything else? and so the signed route fails because of it? it's this the way it should be?

Weird, because let's say i want to create a temporary link for my users to download something, if they are logged into my Laravel app, they will get this 403 error message... :(

------------UPDATE 3------------------

I tried in a fresh installation of laravel and worked perfectly, so it's something from my main Laravel app, also tried to install every composer dependency into the Fresh installation of Laravel, and still worked perfectly no matter the user login status, so it's not a conflict with my dependencies.

Answer

developer avijit picture developer avijit · Jul 8, 2019

Try below code: 

class TrustProxies extends Middleware
{
    protected $proxies = '*';
    protected $headers = Request::HEADER_X_FORWARDED_ALL;
}

Related questions

How Do I Get the Query Builder to Output Its Raw SQL Query as a String?

Given the following code: DB::table('users')->get(); I want to get the raw SQL query string that the database query builder above will generate. In this example, it would be SELECT * FROM users. How do I do …

Read More
How to Create Multiple Where Clause Query Using Laravel Eloquent?

I'm using the Laravel Eloquent query builder and I have a query where I want a WHERE clause on multiple conditions. It works, but it's not elegant. Example: $results = User::where('this', '=', 1) ->where('that', '=', 1) …

Read More
Get the Last Inserted Id Using Laravel Eloquent

I'm currently using the below code to insert data in a table: <?php public function saveDetailsCompany() { $post = Input::All(); $data = new Company; $data->nombre = $post['name']; $data->direccion = $post['address']; $data->telefono = $post['phone']; $data->…

Read More