Config.assume_ssl - could not login to devise

PMc · January 23, 2025, 6:18am

config.assume_ssl describes exactly my use-case, but when enabling, I could not logon to devise. This is what happens:

The clients browser connects to URL https://example.org/myapp/
The reverse proxy rewrites to http://app.intranet:8765/
Rack internally rewrites to https://app.intranet:8765/
Devise creates a redirect to https://app.intranet:8765/client/sign_in/
Rack SHOULD (imo) convert this back to http://app.intranet:8765/client/sign_in/ … but it doesn’t (obvious from the code).

The reverse proxy then does nothing with that Location, because it does not match with where the redirection did go. So the client browser ends up with an intranet redirect that it cannot digest in any way.

I did rewrite that location header in the r-proxy. But then the next error appeared and login still didn’t work:

HTTP Origin header (http://app.intranet:8765) didn't match request.base_url (https://app.intranet:8765)

This can also be rewritten, but at that point I got bored: how many more might appear?

Topic		Replies	Views
Rails 7.1's config.assume_ssl for Rails 7.0 rubyonrails-talk	6	1936	January 19, 2024
Help! How to redirect if SSL applied rubyonrails-talk	0	111	April 29, 2010
ssl_requirement does not redirect to https rubyonrails-talk	2	138	February 20, 2008
Actual flow of a redirect_to rubyonrails-talk	3	128	November 30, 2007
SSL for login pages - how do I configure this? (dreamhost) rubyonrails-talk	6	298	October 21, 2006

Config.assume_ssl - could not login to devise

Related topics

More Resources