devise_cas_authenticatable

Redirected from https to https

Open iwan opened this issue 13 years ago • 4 comments

Before login I am on a public area secure page like:

https://localhost/public_area

When I click on a "Login" button I'll be redirected to the CAS service:

https://localhost/cas/login?service=http%3A%2F%2Flocalhost%2Fusers%2Fservice

And after successful login I lose my secure protocol, and I am redirected to

http://localhost/welcome

consistently with the URL generated by the application, in place of

https://localhost/welcome

Here are my config settings:

config.cas_base_url = "https://localhost/cas/"

Thanks, best regards,

iwan

iwan, Mar 07 '12 16:03

A clarification: in fact the communication is encrypted downstream of the web server. So the server receives an HTTP request, not an HTTPS one.

Is there a way to configure the gem to force the devise_cas_authenticatable to generate the correct redirection after login?

iwan, Mar 07 '12 16:03

Ah, ok. I was looking at the code and seeing that cas_service_url does take into account the URL scheme used for the request, so I was confused as to what might be going wrong. But if the Ruby web server is in fact receiving an HTTP request, that would explain it.

There is probably a request header being set that tells Rails which URL is being proxied for, but that might depend on which proxy server you're using. Can you see something that looks like that in the request headers? If so, we may be able to implement smarter detection for this, assuming it's relatively consistent across proxy servers. If not, perhaps there's a Rack middleware or a Rails configuration parameter that can help with this by fooling Rails into thinking it's serving at the proxied URL.

nbudin, Mar 07 '12 17:03
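
The header-based detection discussed in the comment above, as an added example that is not part of the original thread or the gem's own code. It assumes the proxy sets `X-Forwarded-Proto` and reaches the app from loopback; `TRUSTED_PROXIES`, `effective_scheme`, `service_url` and `cas_login_url` are hypothetical names, and the Rack env hashes are constructed.

```ruby
require "ipaddr"
require "uri"

# Assumption: the TLS-terminating proxy reaches the app from loopback only.
TRUSTED_PROXIES = [IPAddr.new("127.0.0.1"), IPAddr.new("::1")].freeze

# True when the directly connected peer is a proxy allowed to assert the scheme.
def trusted_proxy?(env)
  peer = IPAddr.new(env.fetch("REMOTE_ADDR"))
  TRUSTED_PROXIES.any? { |proxy| proxy.include?(peer) }
rescue KeyError, ArgumentError # missing or malformed REMOTE_ADDR
  false
end

# Scheme the browser used, rather than the scheme of the proxy-to-app hop.
def effective_scheme(env)
  direct = env["rack.url_scheme"] || "http"
  return direct unless trusted_proxy?(env)

  forwarded = env["HTTP_X_FORWARDED_PROTO"].to_s.split(",").first.to_s.strip.downcase
  %w[http https].include?(forwarded) ? forwarded : direct
end

# Hypothetical helper: the URL handed to CAS as the service parameter.
def service_url(env, path = "/users/service")
  "#{effective_scheme(env)}://#{env["HTTP_HOST"]}#{path}"
end

# Hypothetical helper: the CAS login redirect for a given base URL.
def cas_login_url(cas_base_url, env)
  "#{cas_base_url}login?service=#{URI.encode_www_form_component(service_url(env))}"
end

# Constructed Rack env hashes (sample input, not captured traffic).
BASE      = { "rack.url_scheme" => "http", "HTTP_HOST" => "localhost" }.freeze
NO_HEADER = BASE.merge("REMOTE_ADDR" => "127.0.0.1")
VIA_PROXY = NO_HEADER.merge("HTTP_X_FORWARDED_PROTO" => "https")
SPOOFED   = VIA_PROXY.merge("REMOTE_ADDR" => "203.0.113.9")

if __FILE__ == $PROGRAM_NAME
  { "no header" => NO_HEADER, "via proxy" => VIA_PROXY, "untrusted peer" => SPOOFED }.each do |label, env|
    puts "#{label}: #{cas_login_url("https://localhost/cas/", env)}"
  end
end
```

The first case reproduces the `service=http%3A%2F%2F...` URL from the report; the third shows the header being ignored when it does not come from the trusted proxy.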

I don't know if you're using nginx, but this may be helpful for fixing your issue without needing to do a code change: http://stackoverflow.com/questions/6330595/how-to-fix-sinatra-redirecting-https-to-http-under-nginx

nbudin, Mar 16 '12 16:03

@iwan Did you try adding the below to your config/environments/production.rb file?

config.to_prepare { Devise::CasSessionsController.force_ssl }
config.to_prepare { Devise::RegistrationsController.force_ssl }
...

hunzinker, Feb 15 '13 18:02