search

TrestleAdmin / trestle

A modern, responsive admin framework for Ruby on Rails
https://trestle.io
GNU Lesser General Public License v3.0
1.97k stars 177 forks source link

redirect_to not including https when needed #324

Open NomNomCameron opened 4 years ago

NomNomCameron commented 4 years ago

Just ran into an issue with the redirect that happens when saving a resource in the admin dashboard. The response headers location property isn't including https, even when setting Trestle::Engine.routes.default_url_options = { protocol: "https" }

setting config.force_ssl = true doesn't work for me (I think) because the production server is behind a proxy and handles the SSL stuff.

I'm not sure entirely what the proper fix would be here but making Trestle::Engine.routes.default_url_options = { protocol: "https" } would have worked for me.

Wanted to see if anyone else ran into this and/or had any recommendations

spohlenz commented 4 years ago

My understanding is that Rails should theoretically be handling this for you, assuming your proxy server is correctly setting the X-Forwarded-Proto header. See https://stackoverflow.com/a/10432596

Also just to clarify, were you able to set Trestle::Engine.routes.default_url_options to solve the issue (perhaps in an initializer)?

nedmax commented 1 year ago

I was struggling with an issue like this the last 4 hours. I focused in getting X-Forwarded-Proto = https to Rails and that worked in local development, but not in production (Cloudfront -> Nginx-Ingress -> Nginx-Pod -> Rails).

I resolved it removing these headers (probably added by Nginx-Ingress):

proxy_set_header X-Forwarded-Port "";
proxy_set_header X-Forwarded-Scheme "";
proxy_set_header X-Scheme "";