'unexpected error' when trying to log into panel

I’ve suddenly run into an error on my site where trying to login gives an “unexpected error” message.

The console is giving me this message:
Failed to load http://www.mydomain.com/panel/api/auth/login: Response for preflight is invalid (redirect)

I’ve tried googling that error, and it sounds like it could be an https related issue? My webhost recommended I install a free SSL certificate recently, which I did, so could that be the problem?

Sorry I’m a total novice with this kind of thing, but would appreciate any help. Thank you

Try to set ssl to true in your config:

c::set('ssl', true);

Don’t know if it helps, but worth a try.

Is the SSL certificate issued for the www domain? Or are you using any non-www to www or vice versa redirects that don’t work as expected?

No luck with the first suggestion, but I tried removed the www to non-www redirect i had set in the .htaccess and now I can log in. Success!

Are you able to explain to me what this issue was about, and how I can go about URL normalization without upsetting kirby?

Thanks for your help :slight_smile:

First of all, check if your certificate is issued for the www and/or the non-www domain, contact your hosting provider if in doubt. It doesn’t make sense to have a certificate for the www domain only but then redirect to non-www.

Also, you should not only redirect from www to non-www, but also from http to https, the above error message shows the http protocol instead of the https protocol that I would expect if the certificate is active.

And make sure the clear the browser cache, sometimes that leads to issues as well.

All these things have to be set correctly, otherwise you run into issues.

Ok great, thanks for those tips I will follow through on all of that. I don’t think the certificate would have only been issued on www but I will enquire.

What I’m finding now is that I can log in to the panel, but only through the www and not the non-www domain. Is that to be expected?

Thanks again.

You could also try to set the URL in addition to forcing SSL

c::set('url', 'https://domain.com');
c::set('ssl', true);

But force both https and non-www in your .htaccess.