You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
;; HACK Jetty defaults to not comply with RFC 3986 section 5 in that by default it rewrites;; relative and absolute redirects to complete URL. When you terminate SSL on the load-balancer in;; front of Jetty, url scheme ends up HTTP, so Jetty's response has location header set to;; e.g. http://fullmeta.co.uk/hello for redirect to /hello. Since original request comes from;; behind https, browser blocks such redirects. Propre way to handle this is to:;;;; (doto (HttpConfiguration.);; (.setRelativeRedirectAllowed true));;;; Sadly no ring jetty adapter in use allows to do that.
Simplest solution though temporary. Fork, change one line to setRelativeRedirectAllowed and pull it as git module, until I get to take it over and integrate into fullmeta web.
Turns out I have wrap-absolute-redirects middleware wrapped around my handlers and likely it was the one messing up http vs https. Try to remove and then test deploy without the temp hack - see if it fixes the issue.
Problem well described:
https://stackoverflow.com/questions/25652718/do-relative-server-side-redirects-respect-the-protocol
https://www.eclipse.org/jetty/javadoc/jetty-10/org/eclipse/jetty/server/HttpConfiguration.html#setRelativeRedirectAllowed(boolean)
https://github.com/ring-clojure/ring/blob/master/ring-jetty-adapter/src/ring/adapter/jetty.clj#L68
https://github.com/sunng87/ring-jetty9-adapter/blob/master/src/ring/adapter/jetty9.clj#L127
jetty/jetty.project#6883
The text was updated successfully, but these errors were encountered: