Signed URL Issue

Hi @nnproducts,

Thanks for providing so much information about the issue you are having.

The signing token used for verification is stored in the database, so I wouldn’t think that’s the cause of the problem. The two most common reasons the validation fails is:

1. The Home URL / Site URL setting in WordPress is configured with the https:// protocol, however another plugin like Really Simple SSL is forcing HTTPS. The fix is to update your Home URL / Site URL to https://. Once done, complete a new form submission and verify the new signed link works (note: the old links generated before this change still won’t work).
2. The PHP application is behind a reverse proxy that terminates HTTPS, and because of that PHP’s$_SERVER['HTTPS'] superglobal isn’t being set to on. If that’s the case, you’ll need to manually set this value in your wp-config.php file.

If you aren’t affected by the above, on rare occasions another WordPress plugin or a reverse proxy (like Cloudflare) manipulates the URL prior to the verification process occurring. This is difficult to pinpoint what causes the conflict, but I’d start by checking if you are affected by this problem.

You can test for this by adding the following code to your production site, setting WP_DEBUG_LOG to true, replicating the issue, and then inspecting the debug.log file:

add_filter( 'gfpdf_pdf_middleware', function ( $error, $entry, $settings ) {

	$protocol = isset( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] === 'on' ? 'https://' : 'https://';
	$domain   = $_SERVER['HTTP_HOST'];
	$request  = $_SERVER['REQUEST_URI'];

	$url = esc_url_raw( $protocol . $domain . $request );

	// log the signed URL
	error_log( sprintf( 'PDF Signing Request: %s', $url ) );

	return $error;
}, 10, 3 );

Compare the URL being logged to the one generated by Gravity PDF on your confirmation page. They are suppose to exactly match. If they don’t match (and it’s not because of the protocol), the next step is to rule out plugin/theme conflicts. Follow this guide to complete this test: https://docs.gravityforms.com/testing-theme-plugin-conflict/

Let me know how all these checks go. ??

Hey Jake ,

Thanks for the quick and very detailed response!

I check all of your suggested options and when I got to the debugging, the signed URL was consistent and I was fixated on that. But, a co-worker pointed out that the generated URL had “http” rather than “https” and that was the culprit due the protocol somehow not being updated in the Options table. ??

Always surprising how often it’s the simplest thing that’s overlooked.

Thanks for a great plugin!

• This reply was modified 4 months, 1 week ago by nnproducts.

It’s fantastic to hear you’ve been able to track down and fix the conflict on your production site. Sounds like it was a real head scratcher for awhile there!

Happy PDFing ??