ironjan / klausurtool-ror

Previous Klausurtool of the FSMI UPB.
Apache License 2.0

Fix AusleiheController #switch action #236

Open ironjan opened 7 years ago

ironjan commented 7 years ago

Steps to reproduce:

  1. Go to https://ausleihe.die-fachschaft.de/internal/ausleihe
  2. Lend a folder

What happens: Lending form is HTTP. Expected: Lending form should be delivered via HTTPS.

Notes

Gigadoc2 commented 7 years ago

The web server should handle SSL termination and enforcement, unless there is a reason to enforce HTTPS on selected (and changing) paths only.

ironjan commented 7 years ago

234 could've been caused by a missing https configuration. AW updated certificates and turned on https on all routes, but the tool itself prefers http. To check this: go to https://ausleihe.die-fachschaft.de/internal/ausleihe and lend a folder; the lending form is delivered via http instead of https.

Note that #236 has a very low priority as the deployment is still done via docker :'(

Gigadoc2 commented 7 years ago

I'm confused, for me everything except the yahooapis css is delivered via https…

Is the tool using absolute urls somewhere?

ironjan commented 7 years ago

The tool does not use absolute URLs in the code except for external resources (die-fachschaft.de, github, the css you mentioned [0]).

It seems that the error is located in https://github.com/ironjan/klausurtool-ror/blob/master/app/controllers/ausleihe_controller.rb#L81 . This method will redirect the user according to input (lending_form, returning_form). It seems that the redirects here pick HTTP over HTTPS for some reason.

Using the other functions of the tool over HTTPS works as intended.

[0] …which probably should be available via HTTPS or delivered by the app itself.
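
An added example, not part of the thread or the project's code: a Ruby check that classifies a redirect response and flags the HTTPS-to-HTTP downgrade reported in this issue. The host name, paths and sample responses are constructed, and the function names are hypothetical.

```ruby
require "uri"

REDIRECT_STATUSES = [301, 302, 303, 307, 308].freeze

# Classify one response to a request for request_url.
# Returns :not_redirect, :invalid, :downgrade or :ok.
def classify_redirect(request_url, status, location)
  return :not_redirect unless REDIRECT_STATUSES.include?(status)
  return :invalid if location.nil? || location.strip.empty?

  from = URI.parse(request_url)
  # Relative and protocol-relative Location values inherit the request's
  # scheme, so resolve against the requested URL before comparing.
  to = URI.join(request_url, location.strip)

  if from.scheme.to_s.downcase == "https" && to.scheme.to_s.downcase == "http"
    :downgrade
  else
    :ok
  end
rescue URI::Error
  :invalid
end

# Constructed sample responses (placeholder host and paths).
BASE = "https://ausleihe.example.test/internal/ausleihe/switch"
SAMPLES = [
  { url: BASE, status: 302,
    location: "http://ausleihe.example.test/internal/ausleihe/lending_form" },
  { url: BASE, status: 302, location: "/internal/ausleihe/returning_form" },
  { url: BASE, status: 302,
    location: "//ausleihe.example.test/internal/ausleihe/lending_form" },
  { url: BASE, status: 200, location: nil }
].freeze

# Return only the samples whose redirect drops from HTTPS to HTTP.
def downgrades(samples)
  samples.select do |s|
    classify_redirect(s[:url], s[:status], s[:location]) == :downgrade
  end
end

if __FILE__ == $PROGRAM_NAME
  downgrades(SAMPLES).each { |s| puts "downgrade: #{s[:url]} -> #{s[:location]}" }
end
```
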