Heroku SSL termination breaks Transport Security for downloads

[Eugeny]

When deploying to Heroku, the download URLs will use http:// instead of https:// as getFullUrl() uses req.protocol, which is always 'http' on Heroku

[Joshandrews43]

I am getting NSURLErrorDomain, code=-1022 when I try to use autoUpdater which I have traced back to this issue as well. Any luck resolving it?

[Eugeny]

I've just patched my instance to force https for the time being

[Joshandrews43]

@Eugeny Hmm odd, I patched it partially it seems as now I am getting "updates available" but then afterwards am receiving the NSURLErrorDomain message before the download completes / begins. I am running it from a heroku server and have my domain set as: 'https://appname.herokuapp.com/update?version=' + version + '&platform=' + platform;

Potentially has to do with a redirect occuring from the URL above to: 'https://appname.herokuapp.com/update/platform/version', such that the responding URL is not the same as the request? However, when I use the former URL as my initial, it gives me this -1022 error without even checking for updates.

Any ideas why it would all of a sudden be OK with the URL in the beginning (whereas before I wasn't even getting to "checking for updates") and then error for the download portion?

[Eugeny]

@Joshandrews43 check whether your URLs have https:// via the debug endpoint: https://.../update/win32/1

The feed URL format is /update/win32/:version as per https://nuts.gitbook.com/update-windows.html

[Joshandrews43]

@Eugeny Just solved my problem. I did end up using https, however I just got other errors afterwards. Turns out I had to install the application as a .dmg file to my computer and then issue updates to the heroku server as a .zip otherwise they wouldn't download (on mac). Not sure why; any idea?

[ddnetters]

For people running into this issue it can be solved by setting TRUST_PROXY to true in your heroku config vars