Why does redirecting from HTTPS to HTTP fail in this Rails 4 app (OpenShift)?


When the user is on HTTP, I can redirect him to the HTTPS (SSL) variant like so:

    redirect_to(protocol: 'https://', domain: 'ssl.tld')

However, when I want to do the reverse, it creates an infinite redirection loop. I've tried several variants; let me mention some:

    redirect_to(protocol: 'http://', domain: 'nonssl.tld')

    redirect_to "http://nonssl.tld#{request.fullpath}"

The loop, according to the log:

    000.000.000.000 - - [21/Apr/2016:18:50:04 -0100] "GET /en HTTP/1.1" 302 887 "https://ssl.tld/en/users/sign_in" "= the_user_agent_here"

where https://ssl.tld/en/users/sign_in is apparently the referrer, i.e. the current page before the redirection.

I wonder why GET shows a path as opposed to a URL, given that redirect_to "http://nonssl.tld#{request.fullpath}" should explicitly be considered an absolute URL, according to the docs.


Update: here is the relevant part of application_controller's before_action:

    exceptions = ['errors', 'subscriptions', 'users']
    ssl_is_mandatory = !exceptions.include?(controller_name)
    currently_on_ssl = request.ssl?

    if currently_on_ssl
      if !current_user && !ssl_is_mandatory
        logger.debug "#{__method__}: visitor on ssl, ssl not desired. redirecting non_ssl"
        redirect_to "http://my.domain#{request.fullpath}"
      end
    else
      if current_user || ssl_is_mandatory
        logger.debug "#{__method__}: on no-ssl, user in session or ssl mandatory. redirecting ssl"
        redirect_to(protocol: 'https://', domain: 'my.ssldomain')
      end
    end

Update: as requested by Marc in the comments, here are the request headers:

Request headers, SSL domain:

    # curl -s -i https://ssl.tld
    HTTP/1.1 302 Found
    Date: Mon, 02 May 2016 23:33:34 GMT
    Server: Apache/2.2.15 (Red Hat)
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Cache-Control: no-cache
    X-Request-Id: 8d182c5e-cec6-46c0-b845-eafe2d313fe2
    X-Runtime: 0.005948
    X-Powered-By: Phusion Passenger 4.0.18
    Location: https://ssl.tld/en
    Content-Length: 895
    Status: 302 Found
    Content-Type: text/html; charset=utf-8
    Set-Cookie: GEAR=local-554148915973ca816300021b; path=/

    # curl -s -i https://ssl.tld/en
    HTTP/1.1 200 OK
    Date: Mon, 02 May 2016 23:33:52 GMT
    Server: Apache/2.2.15 (Red Hat)
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    ETag: "acf44db83201e4da25659ab8545936b3"
    Cache-Control: max-age=0, private, must-revalidate
    X-Request-Id: 671d9407-0cdd-4401-9537-abff660e1b18
    X-Runtime: 0.078496
    X-Powered-By: Phusion Passenger 4.0.18
    Content-Length: 10964
    Status: 200 OK
    Content-Type: text/html; charset=utf-8
    Cache-Control: private
    Set-Cookie: GEAR=local-554148915973ca816300021b; path=/
    Vary: Accept-Encoding

Request headers, non-SSL domain:

    # curl -s -i http://nonssl.tld
    HTTP/1.1 302 Found
    Date: Mon, 02 May 2016 23:34:16 GMT
    Server: Apache/2.2.15 (Red Hat)
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Cache-Control: no-cache
    X-Request-Id: 9f7b4341-0489-48fa-b15d-b45f787db690
    X-Runtime: 0.007811
    X-Powered-By: Phusion Passenger 4.0.18
    Location: http://nonssl.tld/en
    Content-Length: 873
    Status: 302 Found
    Content-Type: text/html; charset=utf-8
    Set-Cookie: GEAR=local-554148915973ca816300021b; path=/

    # curl -s -i http://nonssl.tld/en
    HTTP/1.1 200 OK
    Date: Mon, 02 May 2016 23:34:47 GMT
    Server: Apache/2.2.15 (Red Hat)
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    ETag: "05294c86e7f806ebf2e90c5f52fd7497"
    Cache-Control: max-age=0, private, must-revalidate
    X-Request-Id: 25a0ac8c-6cba-4a83-9a15-b95474436a3e
    X-Runtime: 0.290131
    X-Powered-By: Phusion Passenger 4.0.18
    Content-Length: 10877
    Status: 200 OK
    Content-Type: text/html; charset=utf-8
    Cache-Control: private
    Set-Cookie: GEAR=local-554148915973ca816300021b; path=/
    Vary: Accept-Encoding

Update:

I further simplified the redirection code in application_controller's before_action:

    def debug_toggle_ssl
      if params[:x].eql?('yes')
        redirect_to "http://nonssl.tld#{request.fullpath}"
      end
    end

So now, to reproduce the issue:

  1. Go to https://ssl.tld
  2. Try to go to https://ssl.tld/?x=yes
  3. Notice how a loop on https://ssl.tld is caused (http://nonssl.tld is never requested)
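As an added illustration (not the asker's code, and not using Rails: `Req` is a hypothetical stand-in for `ActionDispatch::Request`, and the host names mirror the question), here is a plain-Ruby model of the before_action logic above. It reproduces the question's scheme-based check, shows how such a check loops whenever `request.ssl?` disagrees with the real scheme (for instance behind a TLS-terminating proxy that does not send `X-Forwarded-Proto`), and contrasts it with deciding by host name, which cannot loop because the redirect target's host is exactly what the next request carries.

```ruby
require 'uri'

# Stand-in for ActionDispatch::Request (hypothetical; no Rails needed here).
Req = Struct.new(:ssl, :host, :fullpath, :controller_name, :current_user) do
  def ssl?; ssl; end
end

SSL_HOST, NON_SSL_HOST = 'ssl.tld', 'nonssl.tld'   # assumed, mirroring the question
EXCEPTIONS = %w[errors subscriptions users]

# Returns the absolute URL to redirect to, or nil to let the request through.
# Rules follow the question: SSL is mandatory unless the controller is in
# EXCEPTIONS, and a signed-in user is always kept on SSL.
# by_host: false reproduces the question's check (compare request.ssl? with the
# wanted scheme); true decides by host name instead.
def ssl_redirect_for(req, by_host: true)
  ssl_is_mandatory = !EXCEPTIONS.include?(req.controller_name)
  want_ssl = req.current_user || ssl_is_mandatory
  scheme, host = want_ssl ? ['https', SSL_HOST] : ['http', NON_SSL_HOST]
  already_there = by_host ? req.host == host : (req.ssl? ? 'https' : 'http') == scheme
  return nil if already_there
  "#{scheme}://#{host}#{req.fullpath}"
end

# Follow the redirects like a browser would and stop on the first repeated URL.
# forwards_proto: false models TLS terminated by a front-end proxy that does
# not send X-Forwarded-Proto, so request.ssl? is false even on the SSL host.
def follow(req, by_host: true, forwards_proto: true, max_hops: 5)
  seen = []
  loop do
    url = ssl_redirect_for(req, by_host: by_host)
    return [:ok, seen] if url.nil?
    return [:loop, seen] if seen.include?(url) || seen.size >= max_hops
    seen << url
    u = URI(url)
    req = Req.new(u.scheme == 'https' && forwards_proto, u.host, u.request_uri,
                  req.controller_name, req.current_user)
  end
end
```

Running `follow` with `forwards_proto: false` and `by_host: false` on a signed-in request to the SSL host yields `:loop` after one hop; the same request with `by_host: true` passes through untouched.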
