With debug = false, CakePHP errors Too Many Redirects

We have a CakePHP 3.7 project running perfectly when the app.php config file has debug = true. However when this is set to debug = false the browser gives a Too Many Redirects error.

We’re NOT seeing this issue under a standard test server on AWS but we are seeing this issue on a new server using HAProxy - this is the only difference.

Is this a known issue?

Can you check the logs?

Do you have the correct value for App.base and App.fullBaseUrl? My guess is that auth component doesn’t have the right login url and tries to redirect in a loop

from Configuration

The base directory the app resides in. If false this will be auto detected. If not false, ensure your string starts with a / and does NOT end with a /. E.g., /basedir is a valid App.base. Otherwise, the AuthComponent will not work properly.

The app.php settings are:

'App' => [
        'namespace' => 'App',
        'encoding' => env('APP_ENCODING', 'UTF-8'),
        'defaultLocale' => env('APP_DEFAULT_LOCALE', 'en_US'),
        'defaultTimezone' => env('APP_DEFAULT_TIMEZONE', 'UTC'),
        'base' => false,
        'dir' => 'src',
        'webroot' => 'webroot',
        'wwwRoot' => WWW_ROOT,
        //'baseUrl' => env('SCRIPT_NAME'),
        'fullBaseUrl' => "https://XXX.co.uk",
        'imageBaseUrl' => 'img/',
        'cssBaseUrl' => 'css/',
        'jsBaseUrl' => 'js/',
        'paths' => [
            'plugins' => [ROOT . DS . 'plugins' . DS],
            'templates' => [APP . 'Template' . DS],
            'locales' => [APP . 'Locale' . DS],

when 'debug' => true then Cake logs are written normally, everything runs.
when 'debug' => false the redirect error occurs and no Cake logs are written.

I’m unclear as to what the 'base' => false should be set as instead?

Many thanks for you help!

Check the network tab of your browser’s developer tools, to see what URL(s) it’s redirecting to. It’s almost certainly either redirecting constantly to the same URL, or else back and forth between two. Either way, this will give you a clear idea of what URL is not loading correctly.

1 Like

So it just shows repeated redirects from the webroot to the the webroot.
When debug => true this does not happen.
I just don’t get it …

Could it be a trailing slash problem?
Try adding a / at the end of your fullBaseUrl.
I have never worked with HAProxy so can’t help you there

Cheers Kevin - we tried adding a ‘/’ to end of the fullBaseURL and it makes no difference …

I believe it’s definitely something odd with HAProxy so will have to rely on the server admin folks to help fix this …

It’s not bouncing between http and https or anything like that?

I don’t suppose a redirect could be cache driven? You could try clearing it just in case. The CakePHP cache I mean. But perhaps your own cookies, if they are being use to get passed authentication, and debug somehow uses different creds/hash/csrf or whatever.

OK - so after much investigation and a lot of help from this fine Cake community, we think we’ve found the problem:

The Cake app was running perfectly on our AWS test server. We then moved it to client’s server [set up by someone else] and it works fine with debug => true but fails with redirect errors when debug => false.

No logging was giving us any insight. Just lots of redirects from the first page to the first page. It’s all https:// to https:// redirection, which is bonkers.

What we’ve discovered is that there was some code lurking in our AppController.php that was checking to see if $_SERVER['HTTPS'] was true and if not, redirect with https:// rather than http:// - this makes sense when debug => false as it’s the kind of thing one would want to check within Production environment.

Turns out that outwardly it all looks like https:// but internally all traffic between HAProxy and Apache is completely http:// and so our code then redirects to the same page [repeatedly] because it’s seeing on-secure URLs.

Setting App.fullBaseUrl looks like it ought to work but of course HAProxy sneakily makes this into an http:// call back to Apache.

I can set up LAMP stacks but I’m by no means a server expert, so the HAProxy behaviour took a while to find out.

THANK YOU for all your help!


I use .htaccess to handle that - use the right tool for the right job.

That would be my preference – can you elaborate ?

This was my first port of call but couldn’t use .htaccess to solve the issue.

Within the main App directory my .htaccess is this:

<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteRule    ^$    webroot/    [L]
    RewriteRule    (.*) webroot/$1    [L]

And then within webroot my .htaccess is this:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]

I tried adding this to the App directory .htaccess but this did not solve the problem:

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Any insights would be wonderful. My understanding is that HAProxy gets in the way and converts every Apache URL back to http:// so any work we do in .htaccess is negated - but I don’t know enough about server-side to make a call.

If your proxy is trumping htaccess then I don’t know sorry - maybe need help from someone also running a proxy or something like Coudflare. Having said, here is my simplest htaccess for a Cake app with http → https redirect, maybe it can help.

<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteRule ^ index.php [L]