If Dolos is hosted publicly behind a reverse proxy, Rails does not appropriately detect that HTTPS should be used for urls generated by the API, causing the front-end to fetch the CSV files using http instead of https (see #1518).
This PR fixes this issue by introducing a new environment variable DOLOS_API_URL which is used to detect the hosting properties. It supersedes the environment variables DOLOS_API_HOSTS and DOLOS_API_DISABLE_FORCE_SSL.
Unfortunately there is a bug in rails where files served using ActiveStorage don't listen to the relative_root_url (https://github.com/rails/rails/issues/43633). This can cause issues if the API is hosted on a subdirectory (https://example.com/api).
If Dolos is hosted publicly behind a reverse proxy, Rails does not appropriately detect that HTTPS should be used for urls generated by the API, causing the front-end to fetch the CSV files using http instead of https (see #1518).
This PR fixes this issue by introducing a new environment variable
DOLOS_API_URLwhich is used to detect the hosting properties. It supersedes the environment variablesDOLOS_API_HOSTSandDOLOS_API_DISABLE_FORCE_SSL.Unfortunately there is a bug in rails where files served using ActiveStorage don't listen to the
relative_root_url(https://github.com/rails/rails/issues/43633). This can cause issues if the API is hosted on a subdirectory (https://example.com/api).See https://github.com/dodona-edu/dolos/issues/1523 for more details and a workaround.