Glad my video helps~ I used this and then the localhost version bugged, so I follow up with another video about how to not forcing ssl on localhost, which you have also watched already~
XSS issue: 'This site requires a TrustedScripts assignment' Hi Gordon, i'm getting this bug in the browser: ua-cam.com/video/vYA81UAExKA/v-deo.html&ab_channel=ZeroNights.. Have you ran into this before ... Ive been searching 3 days now and ive found out that it's a security bug that warns of vulnerabilities (DOM sinks) in the HTML where an attacker could potentionally steal sensitive info and in order to remedy it, you will need the following: Content-Security-Policy Header 'Trusted Types' package etc ... Did u run into this when hosting on heroku ?
"An error occurred during a connection to 127.0.0.1:5000. SSL received a record that exceeded the maximum permissible length." Edit: Nvm, it works now I read your other answers. Needed this fix: ua-cam.com/video/8h4CZ0P1qy0/v-deo.html
Many thanks for your comment, Flame Princess. Sorry that I had not taught relevant topic in the same video, and that the previous linking is not clear enough. I have just revised video title and thumbnail to emphasize the need to watch #3b of this series as well. Hope it helps in future occasions for the others. Thanks once again for pointing this out.
Thank you Soo much. You are worth my follow I love the way you went through the whole taught process and even the issues on GitHub. You are worth my follow. Hope to see more amazing videos from you!❤️❤️❤️❤️❤️❤️
And one more important point: Follow the extra step at #3b also: ua-cam.com/video/8h4CZ0P1qy0/v-deo.html Because the way in #3a works for our custom domains. But for localhost, we don't have SSL certificate, so we should "not force" HTTPS connection, by adding if statement checking on the process.env
thank you so much for this tutorial, you are the only one on youtube who did this tutorial! great work :) please continue making good content like this :)
You are welcome ^^ Please also watch #3b to not force SSL at localhost. ua-cam.com/video/8h4CZ0P1qy0/v-deo.html Many thanks for your encouragement. I'm planning a Node.js series with using view templates, cloud database and authentication, hope it will help you too ^^
You are welcome ^^ You will also need to check the env so in localhost, it doesn't force you to SSL. If there is problem let me know and I'll show you how.
Yeah sure. Only thing is I also have 3 domain names for this site and a sub domain for each. Would that have anything to with it? I just set these up less than 24hrs ago.
It has nothing to do with the 3 domain names, as long as all the domain names each have a valid SSL certificate. I have created a Pull Request on your GitHub repository. Basically there are two issues: Issue 1: Sequence of codes enforce.HTTPS has to be called first Ref: github.com/florianheinemann/express-sslify/issues/25 Issue 2: Spelling mistake env not enve Ref: github.com/florianheinemann/express-sslify/issues/22 Please merge it and try. Look forward to knowing your result.
@Gordan Chan thank you for your help but now its giving me a different error: This site can’t provide a secure connectionwww.olivieriphoto.net sent an invalid response. ERR_SSL_PROTOCOL_ERROR I'm wondering if Heroku caught on and still isn't allowing this to convert to Https://
Actually, I just found my error. I didn't realize that I needed my own manual install of SSL certs for this to work. I have no SSL certificates for any of these. I think I misunderstood this from the beginning. But, quick question, if i get those SSL certs manually installed into the app, will it work then?
I enjoyed that you showed your trouble shooting process. Plus adding a follow up video.
Many thanks for your comment. It is a great encouragement to me ^^
Thank you for the help man, i've been looking everywhere for an answer.
Welcome ^^ Please watch #3b as well
Thank you so much! Liked and subbed :)
Thanks for the sub!
Please also follow lesson 3b : Not forcing SSL on localhost
ua-cam.com/video/8h4CZ0P1qy0/v-deo.html
Nice tutorial, Gordon. Thank you. It works.
Glad my video helps~ I used this and then the localhost version bugged, so I follow up with another video about how to not forcing ssl on localhost, which you have also watched already~
XSS issue: 'This site requires a TrustedScripts assignment'
Hi Gordon, i'm getting this bug in the browser:
ua-cam.com/video/vYA81UAExKA/v-deo.html&ab_channel=ZeroNights..
Have you ran into this before ... Ive been searching 3 days now and ive found out that it's a security bug that warns of vulnerabilities (DOM sinks) in the HTML where an attacker could potentionally steal sensitive info and in order to remedy it, you will need the following:
Content-Security-Policy Header
'Trusted Types' package
etc ...
Did u run into this when hosting on heroku ?
Nope, I havn't met this problem before.
"An error occurred during a connection to 127.0.0.1:5000. SSL received a record that exceeded the maximum permissible length."
Edit: Nvm, it works now I read your other answers. Needed this fix: ua-cam.com/video/8h4CZ0P1qy0/v-deo.html
Many thanks for your comment, Flame Princess.
Sorry that I had not taught relevant topic in the same video, and that the previous linking is not clear enough. I have just revised video title and thumbnail to emphasize the need to watch #3b of this series as well.
Hope it helps in future occasions for the others.
Thanks once again for pointing this out.
Do I still need the .htacces file or is that irrelevant to to express-sslify working?
.htaccess is for some host.
If you are using express-sslify, you don't need .htaccess
Exactly what I needed, thank you!
I'm glad that my video helps ^^
Please also watch lesson #3b
ua-cam.com/video/8h4CZ0P1qy0/v-deo.html
so clear explanation i subscribe
thanks ^^
you are the man! seriously !
Thanks ^^
Remember to watch the next video : "Not forcing on localhost" also~
Thank you Soo much. You are worth my follow I love the way you went through the whole taught process and even the issues on GitHub. You are worth my follow. Hope to see more amazing videos from you!❤️❤️❤️❤️❤️❤️
Thanks for your appraisal. I'm glad that you like my style. I will try my best to give more useful contents ^^
And one more important point: Follow the extra step at #3b also:
ua-cam.com/video/8h4CZ0P1qy0/v-deo.html
Because the way in #3a works for our custom domains. But for localhost, we don't have SSL certificate, so we should "not force" HTTPS connection, by adding if statement checking on the process.env
Thanks so much for the tutorial, do you also know how to upload Node.js app sitemap to google search console?
Thanks. Sure, I'll record a video to demonstrate it. I'll post the link here when available.
thank you so much for this tutorial, you are the only one on youtube who did this tutorial! great work :) please continue making good content like this :)
You are welcome ^^
Please also watch #3b to not force SSL at localhost.
ua-cam.com/video/8h4CZ0P1qy0/v-deo.html
Many thanks for your encouragement. I'm planning a Node.js series with using view templates, cloud database and authentication, hope it will help you too ^^
didnt work for me :(
Can you let me know more? Are you using Node.js? What are the versions?
Have your problem been solved? Let's have a LIVE session to solve your problem if it's not.
please make a video on how to attach Google Analytics with the Node.js web app
Good idea. I'll reply here when the video is available
waiting for it.
This is exactly what I was looking for.. Thank you so much
You are welcome ^^
You will also need to check the env so in localhost, it doesn't force you to SSL.
If there is problem let me know and I'll show you how.
Please also do the adjustment as demonstrated in #3b:
ua-cam.com/video/8h4CZ0P1qy0/v-deo.html
Also, not working for me either.
Would you mind sharing your code in GitHub so I can examine the codes?
Yeah sure. Only thing is I also have 3 domain names for this site and a sub domain for each. Would that have anything to with it? I just set these up less than 24hrs ago.
It has nothing to do with the 3 domain names, as long as all the domain names each have a valid SSL certificate.
I have created a Pull Request on your GitHub repository. Basically there are two issues:
Issue 1: Sequence of codes
enforce.HTTPS has to be called first
Ref: github.com/florianheinemann/express-sslify/issues/25
Issue 2: Spelling mistake
env not enve
Ref: github.com/florianheinemann/express-sslify/issues/22
Please merge it and try.
Look forward to knowing your result.
@Gordan Chan thank you for your help but now its giving me a different error:
This site can’t provide a secure connectionwww.olivieriphoto.net sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
I'm wondering if Heroku caught on and still isn't allowing this to convert to Https://
Actually, I just found my error. I didn't realize that I needed my own manual install of SSL certs for this to work. I have no SSL certificates for any of these. I think I misunderstood this from the beginning. But, quick question, if i get those SSL certs manually installed into the app, will it work then?