Framework: Email verification 403 invalid signature.

Hmm, I think it's probably related to some misconfiguration. I've already used this with SES. Can you first please try one of the following support channels? If you can actually identify this as a bug, feel free to report back.

• Laracasts Forums
• Laravel.io Forums
• Discord
• Larachat
• IRC
• StackOverflow

I have the same problem. laravel version v5.7.19

@Claud I fixed the issue by changing the APP_URL to match the domain the request is coming in on, obviously you need to config:cache etc.

Hope this helps :)

I fixed the issue by changing the APP_URL to match the domain the request is coming in on, obviously you need to config:cache etc.

Wow, it took me a few hours to stumble on this and resolve my issue.

I fixed the issue by changing the APP_URL to match the domain the request is coming in on, obviously you need to config:cache etc.

@driesvints

Would it be a problem to include this bit of info as a special note for the SES Driver here? --> https://laravel.com/docs/5.7/mail#introduction Driver Prerequistes > SES Driver

https://github.com/laravel/docs/blob/5.7/mail.md

@lmj0011 sure, send in a PR

The same problem in Laravel 5.8.10

@Claud I fixed the issue by changing the APP_URL to match the domain the request is coming in on, obviously you need to config:cache etc.

Hope this helps :)

This doesn't help(

I have the same problem. I made the request from postman for an api route, and I'm going in to check the email by browser.
Would I have any conflicts if I did so? The above solution did not solve my problem either.

For me the problem was that I had enabled valet secure, so all my url's were changed to https. It was still signing the url's with http, so of course it wasn't valid when it checked with a url from https.

this continues happened on laravel 5.8.31 if time expires you got error 403.

Hello, i'm working on Laravel 5.8.15 and i have the same error !

I did set the .env file
APP_ENV=production
APP_URL=https://domain.co/
APP_USE_HTTPS=true

in the AppServiceProvider
public function boot(UrlGenerator $url)
{
URL::forceScheme('https');
}

In web.php and api.php
if (App::environment('production')) {
URL::forceScheme('https');
}

and in the TrustProxies file
protected $proxies = '*';

but I still getting the same error (403 | Invalid signature.) on the email verification!
someone can helpme ?

This issue is mainly introduced by adding following in your code,

URL::forceScheme('https');

If you are just trying to fix SSL URL links (When SSL is terminated in your load balancer & laravel server is receiving requests on port 80), you should not above approach. Instead, use approach given by Laravel. It will take care of exact this scenario.

https://laravel.com/docs/6.x/requests#configuring-trusted-proxies

If you have to have forceShceme anyway, make sure you configure TrustedProxies

It's 2020 and I still get the same problem on production with Laradock.

I have applied several times

$ php artisan key:generate

I have updated my .env file at APP_URL to match the https://my-domain.com, which works well, since right at mailtrap, the email verify URL matches perfectly the domain.

So then why do I still get that 403 invalid signature error?

I tried URL::forceScheme('https'); and it didn't work. I don't feel like trying TrustedProxies. Will it actually work?

Does clear cache work?

Does anybody know how to fix this?

Hey everyone,

I'm locking this issue because it either has gone off-topic, become a dumping ground for things which shouldn't be in an issue tracker or is just too old. Please try to discuss things further on one of the below channels:

• Laracasts Forums
• Laravel.io Forums
• StackOverflow
• Discord
• Larachat
• IRC