Project

General

Profile

Actions

Defect #40490

open

login page back_url always use http not https

Added by Bill Hsu 8 months ago. Updated 9 days ago.

Status:
Needs feedback
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:

Description

I hava a Redmine 5.1.2.stable executed in container, and I use Apache HTTPD to proxy https to http port 3000. Evertyhing is working perfect, but my webpage is scaned by system and get a "Site does not enforce HTTPS" issue.
It says my login URL's back_url is http, not https. But all my service is running in https URL. How can I solve this issue to be

https://redmine.XXX.com/login?back_url=https%3A%2F%2Fredmine.XXX.com%2F

not

https://redmine.XXX.com/login?back_url=http%3A%2F%2Fredmine.XXX.com%2F

Actions #1

Updated by C S 8 months ago

Make sure that under Administration->Configuration the protocol has been set from http to https...

Actions #2

Updated by Bill Hsu 8 months ago

C S wrote in #note-1:

Make sure that under Administration->Configuration the protocol has been set from http to https...

Already configure as https, and work fine. Only login's back_url not work.

Actions #3

Updated by Go MAEDA 8 months ago

Does adding the following configuration to the reverse proxy server set up with Apache fix the problem?

RequestHeader set X-Forwarded-Proto "https" 
Actions #4

Updated by Marius BÄ‚LTEANU 9 days ago

  • Status changed from New to Needs feedback
  • Assignee set to Bill Hsu
Actions

Also available in: Atom PDF