basecamp / thruster

MIT License

`Rails.config.force_ssl` causes infinite redirect #25

Closed by devdicated 2 months ago

devdicated commented 2 months ago

Hi there,

I'm having problems with running Thruster with force_ssl enabled in Rails. Is this supposed to work?

With the option disabled my app is loading normally, but this seems like a bad practice. If I enable the option the app keeps redirecting me to the same URL, which makes me think the proxy is not telling Rails that the connection is secure. (Maybe related to this? https://github.com/GoogleCloudPlatform/getting-started-ruby/issues/26)

Thanks!

3v0k4 commented 2 months ago

It looks like Thruster is not setting the "forwarded" headers.

I'd be happy to submit a PR if @kevinmcconnell wants to support them.

In the meanwhile, you could use ActionDispatch::AssumeSSL.

kevinmcconnell commented 2 months ago

Yes, that's a good point. The only X-Forwarded header that's currently being set is X-Forwarded-For. Setting X-Forwarded-Proto should solve this. We should definitely do that 👍

I think instead of using NewSingleHostReverseProxy, we should switch to using a ReverseProxy with a Rewrite handler, and in there we can call SetXForwarded to populate those headers.

@3v0k4 if you're happy to create a PR for this, that would be awesome 🙏

Also, as noted above, in the meantime setting assume_ssl along with force_ssl will avoid the issue. That's how we've been running our apps.
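The approach described in the comment above, sketched in Go as an added example (not Thruster's code and not written by anyone in this thread): a `ReverseProxy` whose `Rewrite` calls `SetXForwarded`, run against a test backend that stands in for the Rails app. The names `newProxy` and `protoSeenByBackend` and the host `app.example` are made up for the example; `Rewrite` and `SetXForwarded` need Go 1.20 or later.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// newProxy (hypothetical name) forwards to target. Because Rewrite is set,
// ReverseProxy removes client-supplied Forwarded and X-Forwarded-* headers
// before calling it; SetXForwarded then fills them in from the inbound request.
func newProxy(target *url.URL) *httputil.ReverseProxy {
	return &httputil.ReverseProxy{
		Rewrite: func(pr *httputil.ProxyRequest) {
			pr.SetURL(target)
			pr.Out.Host = pr.In.Host // keep the inbound Host header
			pr.SetXForwarded()       // X-Forwarded-For, -Host, -Proto
		},
	}
}

// protoSeenByBackend sends one constructed inbound request through the proxy
// and returns the X-Forwarded-Proto value the backend received. spoofed, if
// non-empty, is sent by the client as its own X-Forwarded-Proto header.
func protoSeenByBackend(inboundURL, spoofed string) string {
	backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, r.Header.Get("X-Forwarded-Proto"))
	}))
	defer backend.Close()
	target, _ := url.Parse(backend.URL) // URL generated by httptest, always valid

	// httptest.NewRequest sets a dummy TLS state when the URL scheme is https.
	req := httptest.NewRequest("GET", inboundURL, nil)
	if spoofed != "" {
		req.Header.Set("X-Forwarded-Proto", spoofed)
	}
	rec := httptest.NewRecorder()
	newProxy(target).ServeHTTP(rec, req)
	return rec.Body.String()
}

func main() {
	fmt.Println("TLS inbound:          ", protoSeenByBackend("https://app.example/", ""))
	fmt.Println("plain inbound:        ", protoSeenByBackend("http://app.example/", ""))
	fmt.Println("plain inbound, spoofed:", protoSeenByBackend("http://app.example/", "https"))
}
```

The third case is the one to check when deploying: a client on plain HTTP that sends its own `X-Forwarded-Proto: https` must not be able to make the app believe the connection was secure.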

3v0k4 commented 2 months ago

Thanks for the tips, you saved me a ton of time.

I'll open a PR 🙂