I have a form which is populated and submitted by JavaScript. The form is build by Laravel Form Builder. Here is the code for the Form:
{!!Form::open(['url' => URL::to('billing/payments', array(), true ), 'id' => 'frmRebill'])!!}
{!!Form::hidden('plan', '', ['id' => 'plan'])!!}
{!!Form::hidden('annual', '', ['id' => 'annual'])!!}
{!!Form::close()!!}
If form is accessed from http://server.com/billing
and submitted to https://server.com/billing/payment
or http://server.com/billing/payment
, it works fine.
But when form is accessed from https://server.com/billing
and submitted to https://server.com/billing/payment
it gives the 403 error.
I'm using Nginx. Here is the Nginx virtual host file:
server {
listen 80;
server_name server.com
charset utf-8;
sendfile off;
client_max_body_size 10m;
index index.php;
error_log /var/log/nginx/error.log debug;
access_log /var/log/nginx/access.log;
root /var/www/server/public;
location /ping.html {
return 200 'pong';
}
location ~ ^/billing/(.+(?:css|js|woff|woff2|ttf))$ {
alias /var/www/billing/public/$1;
access_log off;
}
#billing code in laravel5
location /billing/ {
error_log /var/log/nginx/mkj-error.log debug;
alias /var/www/billing/public;
## Check for file existing and if there, stop ##
if (-f $request_filename) {
break;
}
## Check for file existing and if there, stop ##
if (-d $request_filename) {
break;
}
index index.php;
try_files $uri $uri/ @billing;
}
location @billing {
rewrite /billing/(.*)$ /billing/index.php?/$1 last;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
set $php_root /var/www/s/public;
if ($request_uri ~ /billing) {
set $php_root /var/www/billing/public;
}
fastcgi_param PATH_TRANSLATED $php_root/index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param REMOTE_ADDR $http_x_real_ip;
include fastcgi_params;
fastcgi_intercept_errors off;
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
fastcgi_read_timeout 120;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ /\.ht {
deny all;
}
}
Note: the csrf token is also same generated by the form and saved in session. Can some one please figure out what the problem is and what is the solution?