spring-attic / spring-social

Allows you to connect your applications with SaaS providers such as Facebook and Twitter.
http://projects.spring.io/spring-social
Apache License 2.0
619 stars 351 forks

SOCIAL-447: Fix OAuth2 redirect url when server is behind a proxy #193

jaffadog closed 8 years ago

jaffadog commented 8 years ago

https://jira.spring.io/browse/SOCIAL-447

I have signed and agree to the terms of the SpringSource Individual Contributor License Agreement.

When we are behind a proxy which is terminating SSL and forwarding our server http rather than the original https or the original user request, OAuth2AuthenticationService will incorrectly generate a redirect_uri using the http scheme rather than https. A similar issue can occur if the proxy is doing port translation. To correct this, we are replacing the original approach, which is to use HttpServletRequest.getRequestURL(), with an approach that looks for and uses X-Forwarded-Proto and X-Forwarded-Port request headers, which should be inserted by the proxy.
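
A sketch of the header-based reconstruction described in the pull request above, added here as an example; it is not the code from this pull request or from Spring Social. The class and method names, the `peerIsTrustedProxy` flag, the fallback to the scheme's default port and the sample host and path are assumptions made for illustration.

```java
import java.util.Locale;
import java.util.Map;

// Added illustration; class and method names are hypothetical, not Spring Social's.
public class ForwardedRedirectUri {

    // Rebuilds the externally visible URL used as redirect_uri. Forwarded headers
    // are honored only when the direct peer is a proxy we operate (assumption: the
    // caller determines that), because any client can send these headers itself.
    static String build(String scheme, String host, int port, String path,
                        Map<String, String> headers, boolean peerIsTrustedProxy) {
        if (peerIsTrustedProxy) {
            String proto = first(headers.get("X-Forwarded-Proto"));
            if ("http".equalsIgnoreCase(proto) || "https".equalsIgnoreCase(proto)) {
                // Assumption: when the scheme changes, the internal port no longer
                // applies, so fall back to the new scheme's default port.
                if (!proto.equalsIgnoreCase(scheme)) {
                    port = -1;
                }
                scheme = proto.toLowerCase(Locale.ROOT);
            }
            String fwdPort = first(headers.get("X-Forwarded-Port"));
            if (fwdPort != null && fwdPort.matches("\\d{1,5}")) {
                int p = Integer.parseInt(fwdPort);
                if (p >= 1 && p <= 65535) {
                    port = p;
                }
            }
        }
        boolean defaultPort = port <= 0
                || ("https".equals(scheme) && port == 443)
                || ("http".equals(scheme) && port == 80);
        return scheme + "://" + host + (defaultPort ? "" : ":" + port) + path;
    }

    // With chained proxies a header may hold a comma-separated list; the first
    // entry describes the client-facing hop.
    private static String first(String value) {
        return value == null ? null : value.split(",", 2)[0].trim();
    }

    public static void main(String[] args) {
        // Constructed request: TLS ends at the proxy, the app listens on http:8080.
        Map<String, String> h = Map.of("X-Forwarded-Proto", "https", "X-Forwarded-Port", "443");
        System.out.println(build("http", "app.example.com", 8080, "/auth/facebook", h, true));
        System.out.println(build("http", "app.example.com", 8080, "/auth/facebook", h, false));
    }
}
```

The second call shows the untrusted-peer case: the headers are ignored and the URL is built from the connection's own scheme and port, so a client-supplied header cannot steer the redirect_uri.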

keyuls commented 6 years ago

Which version of Spring-Social has this update?

pivotal-issuemaster commented 6 years ago

@jaffadog Please sign the Contributor License Agreement!

Click here to manually synchronize the status of this Pull Request.

See the FAQ for frequently asked questions.

pivotal-issuemaster commented 6 years ago

@jaffadog Thank you for signing the Contributor License Agreement!

darrachequesne commented 6 years ago

Would it be possible to backport this fix in the 1.1.x branch please?

Related: https://github.com/spring-projects/spring-social/issues/258