Closed jaffadog closed 8 years ago
Which version of Spring-Social has this update?
@jaffadog Please sign the Contributor License Agreement!
Click here to manually synchronize the status of this Pull Request.
See the FAQ for frequently asked questions.
@jaffadog Thank you for signing the Contributor License Agreement!
Would it be possible to backport this fix in the 1.1.x branch please?
Related: https://github.com/spring-projects/spring-social/issues/258
https://jira.spring.io/browse/SOCIAL-447
I have signed and agree to the terms of the SpringSource Individual Contributor License Agreement.
When we are behind a proxy which is terminating SSL and forwarding our server http rather than the original https or the original user request, OAuth2AuthenticationService will incorrectly generate a redirect_uri using the http scheme rather than https. A similar issue can occur if the proxy is doing port translation. To correct this, we are replacing the original approach, which is to use HttpServletRequest.getRequestURL() with an approach that looks for and uses X-Forwarded-Proto and X-Forwarded-Port request headers, which should be inserted by the proxy.