spring-projects / spring-security

Spring Security
http://spring.io/projects/spring-security
Apache License 2.0

logout url not responding with https #3988

Open xenoterracide opened 7 years ago

xenoterracide commented 7 years ago

Summary

I've got my spring boot container behind Amazon cloudfront with the following settings

server.tomcat.remote_ip_header=x-forwarded-for
server.tomcat.protocol_header=x-forwarded-proto

It has worked well for everything so far (including some returned Hateoas links) except now for logout. I set the logout URL to / and it's returning the right domain, but not https.

Actual Behavior

A POST to logout, via the proxy at https://domain.tld, returns a 302 to http://domain.tld/

Expected Behavior

A POST to logout, via the proxy at https://domain.tld, should return a 302 to https://domain.tld/

Configuration

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Static resources bypass the security filter chain entirely
    @Override
    public void configure( final WebSecurity web ) throws Exception {
        web.ignoring()
                .antMatchers( "/", "/index.html", "/partials/**/*.html" )
                .antMatchers( "/webjars/**/*.js" )
                .antMatchers( "/webjars/**/*.css" );
    }

    // Everything else requires HTTP Basic authentication; a successful logout
    // redirects to "/" (this redirect's scheme is what the issue is about).
    // CSRF protection is disabled in this configuration.
    @Override
    protected void configure( final HttpSecurity http ) throws Exception {
        http.authorizeRequests().anyRequest().authenticated()
                .and().httpBasic()
                .and().logout().logoutSuccessUrl( "/" )
                .and().csrf().disable();
    }

}

Version

4.0.x

ronil23 commented 6 years ago

any updates on this issue?

rwinch commented 6 years ago

Spring Security just uses the information from the container. This is a question about how to set up your container to use a proxy server correctly. Try the instructions in Proxy Server Configuration or Running Behind a Front-end Proxy Server.

xenoterracide commented 6 years ago

@rwinch ... seems suspect since what I put in this ticket suggested that I did follow those instructions, and it was working for everything else.

P.S. I appreciate the timely response.

xenoterracide commented 6 years ago

... looks at what I wrote very carefully...

Actually, it could be that my problem was that I didn't change the header to CloudFront-Forwarded-Proto ... I don't have time to verify this though.
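A worked example of the container-side setup that rwinch's comment points to and that the last comment above narrows down to the header name. It is an added illustration, not code from this issue, from Spring Security or from Spring Boot: it registers Tomcat's RemoteIpFilter in a Spring Boot application so that the scheme and client address the servlet API reports (and therefore the absolute Location that Tomcat builds for the logout redirect) come from the proxy's headers. The header name CloudFront-Forwarded-Proto follows the reporter's last comment; the package, class and bean names and the trusted-proxy address range are assumptions.

```java
// Added example, not from the issue thread or the Spring projects.
// Registers Tomcat's RemoteIpFilter so that request.getScheme(), isSecure()
// and getRemoteAddr() reflect what the reverse proxy saw. When Spring
// Security's logout handler redirects to "/", Tomcat turns that relative
// Location into an absolute URL using the scheme it believes the request
// used; with no recognised protocol header that scheme is "http".
package example.config;   // assumed package name

import org.apache.catalina.filters.RemoteIpFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean; // Boot 1.4+; earlier 1.x: org.springframework.boot.context.embedded.FilterRegistrationBean
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;

@Configuration
public class ProxyHeaderConfig {

    @Bean
    public FilterRegistrationBean remoteIpFilter() {
        FilterRegistrationBean registration = new FilterRegistrationBean(new RemoteIpFilter());

        // Client address: taken from the X-Forwarded-For chain, skipping
        // entries that match internalProxies/trustedProxies.
        registration.addInitParameter("remoteIpHeader", "x-forwarded-for");

        // Scheme: the header name must be the one the proxy actually sends.
        // With "x-forwarded-proto" here and a proxy that only sends
        // CloudFront-Forwarded-Proto, the filter never sees a protocol header,
        // the request stays "http", and the logout redirect comes out as
        // http://domain.tld/ even though the client spoke https to the proxy.
        registration.addInitParameter("protocolHeader", "CloudFront-Forwarded-Proto");
        registration.addInitParameter("protocolHeaderHttpsValue", "https");

        // Honour the headers only for requests arriving from our own proxy
        // tier; otherwise any direct client could claim an arbitrary source
        // address or scheme. The regex (10.0.0.0/8) is an assumed placeholder
        // for the proxy's real address range.
        registration.addInitParameter("internalProxies", "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}");

        // Run before the Spring Security filter chain so the rewritten
        // scheme, port and remote address are what it (and its redirects) see.
        registration.setOrder(Ordered.HIGHEST_PRECEDENCE);
        return registration;
    }
}
```

With Spring Boot's embedded Tomcat the same three settings are also available as the properties shown in the issue (server.tomcat.protocol-header, server.tomcat.remote-ip-header, plus server.tomcat.internal-proxies), which configure Tomcat's RemoteIpValve instead of this filter; the filter form is useful when deploying a WAR to a container you do not control. Whichever form is used, the value of the protocol header setting has to match the header the proxy really emits, and the trusted-proxy range should be as narrow as the deployment allows.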