This project is archived and is in readonly mode.

[Rails 3] Routes redirect method bug with https
Reported by Thibaud Guillaume-Gentil | August 19th, 2010 @ 01:43 PM | in 3.0.2
The redirect method doesn't work with https request scheme.
match 'account/logout' => redirect("/logout")
When going on https://www.example.com/account/logout, the redirect going on http://www.example.com:443/logout rather than https://www.example.com/logout. Quite annoying :(
I haven't found how to test https scheme on dispatch/routing_test.rb, sorry.
Comments and changes to this ticket
- 
         Andrew White August 19th, 2010 @ 03:09 PM- Milestone cleared.
- State changed from new to open
- Assigned user set to Andrew White
- Importance changed from  to High
 I've got a test but the scheme 'https' seems to be maintained, it's just adding an unnecessary 443 port number which I know where to fix. Can you confirm that this is the case for you? 
- 
            
         Thibaud Guillaume-Gentil August 19th, 2010 @ 03:16 PMIn my case https is not maintained and replaced by http. I can retry after you have fixed the useless 443 port addition, if you want. Thanks 
- 
         
- 
         Andrew White August 19th, 2010 @ 03:44 PMThe attached patch fixes the port number issue. I can't see how the scheme wouldn't be maintained since the redirect code reads it from the current request. 
- 
            
         Thibaud Guillaume-Gentil August 19th, 2010 @ 03:49 PMI don't test it, it's how it "work" on my staging Heroku env. Maybe it's an issue related to Heroku nginx config with the 443 port. I'll try with your patch tomorrow. 
- 
            
         Thibaud Guillaume-Gentil August 20th, 2010 @ 08:56 AMWith your patch the 443 port is properly removed but https is still replaced by http. 
 I have apply your patch on edge rails (http://github.com/thibaudgg/rails/tree/routes_patched) and make a little app (deployed on Heroku with SSL add-on (heroku addons:add ssl:piggyback)) to show you the https problem.The little app: http://github.com/thibaudgg/https_app 
 Heroku deploy: https://https-app.heroku.com (redirected to http://https-app.heroku.com/hello)Hope it'll help! 
- 
         Andrew White August 20th, 2010 @ 10:20 AMLooks as though the problem is in Rack rather than Rails. Looking at the source code for the various handlers not all of them set the rack.url_scheme environment variable correctly. There's already a workaround for request.ssl? which will work here as heroku sets HTTP_X_FORWARDED_PROTO to https if the incoming request is ssl. The attached combined patch should fix it. 
- 
            
         Thibaud Guillaume-Gentil August 20th, 2010 @ 02:29 PMGreat, our second patch fix the problem. https://https-app.heroku.com => https://https-app.heroku.com/hello Thanks a lot Andrew and have a nice week-end. 
- 
         Repository August 20th, 2010 @ 02:41 PM- State changed from open to resolved
 (from [47280f083a06dfd034f2e1a2661adf02b0e3a064]) Don't add the standard https port when using redirect in routes.rb and ensure that request.scheme returns https when using a reverse proxy. [#5408 state:resolved] Signed-off-by: José Valim jose.valim@gmail.com 
 http://github.com/rails/rails/commit/47280f083a06dfd034f2e1a2661adf...
- 
         Repository August 20th, 2010 @ 02:42 PM(from [0d0fbf1e648606c9499e332bad412da005a4e37f]) Don't add the standard https port when using redirect in routes.rb and ensure that request.scheme returns https when using a reverse proxy. [#5408 state:resolved] Signed-off-by: José Valim jose.valim@gmail.com 
 http://github.com/rails/rails/commit/0d0fbf1e648606c9499e332bad412d...
- 
         
- 
            
         blair.silverberg January 26th, 2011 @ 04:15 PMI am still encountering this problem on heroku. When navigating to https://secure.ignitiontutoring.com user is redirected to http://secure.ignitiontutoring.com. 
- 
         Andrew White January 26th, 2011 @ 04:37 PMBlair, you'll need to give me more to work with than that - for example a dump of the request environment that your app receives, some relevant routes and whether you're using any plugins, gems or middleware that performs ssl redirects like ssl_requirement or rack-ssl-enforcer. 
- 
            
         mdrozdziel February 3rd, 2011 @ 05:15 AMLooks like I am getting this error too. I am using rack-ssl-enforcer with :strict => true. Every https:// request (which should be enforced to http://), and is beeing redirected inside the controller ends up beeing redirected to http://https:// 
- 
            
         mdrozdziel February 4th, 2011 @ 11:24 AMI am very sorry, but this is probably not related to the previous bug. I read Blair's report, and immediately though that this is the case. I even created a demo app, but it turned out it works in on a clean up. I found that url_for help was returning http://https://.. paths. This is probably more related to translate_routes gem, than rack-ssl-enforcer. In case someone runs into this issue and ends up here from Google: I solved this for just by adding :path_only => true to the url_for helpers. Now everything is ok. 
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
<h2 style="font-size: 14px">Tickets have moved to Github</h2>
The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>
People watching this ticket
Attachments
Tags
Referenced by
- 
         5408 
          [Rails 3] Routes redirect method bug with https
        [#5408 state:resolved] 5408 
          [Rails 3] Routes redirect method bug with https
        [#5408 state:resolved]
- 
         5408 
          [Rails 3] Routes redirect method bug with https
        [#5408 state:resolved] 5408 
          [Rails 3] Routes redirect method bug with https
        [#5408 state:resolved]
 Andrew White
      Andrew White
 Jeremy Kemper
      Jeremy Kemper
 Piotr Sarnacki
      Piotr Sarnacki
 Thibaud Guillaume-Gentil
      Thibaud Guillaume-Gentil