Project

General

Profile

Actions
Copy link

Defect #40490

open

login page back_url always use http not https

Added by Bill Hsu about 1 month ago. Updated 28 days ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:

Description

I hava a Redmine 5.1.2.stable executed in container, and I use Apache HTTPD to proxy https to http port 3000. Evertyhing is working perfect, but my webpage is scaned by system and get a "Site does not enforce HTTPS" issue.
It says my login URL's back_url is http, not https. But all my service is running in https URL. How can I solve this issue to be

https://redmine.XXX.com/login?back_url=https%3A%2F%2Fredmine.XXX.com%2F

not

https://redmine.XXX.com/login?back_url=http%3A%2F%2Fredmine.XXX.com%2F

Actions
Copy link
 #1

Updated by C S about 1 month ago

Make sure that under Administration->Configuration the protocol has been set from http to https...

Actions
Copy link
 #2

Updated by Bill Hsu about 1 month ago

C S wrote in #note-1:

Make sure that under Administration->Configuration the protocol has been set from http to https...

Already configure as https, and work fine. Only login's back_url not work.

Actions
Copy link
 #3

Updated by Go MAEDA 28 days ago

Does adding the following configuration to the reverse proxy server set up with Apache fix the problem?

RequestHeader set X-Forwarded-Proto "https"
Actions
Copy link

Also available in: Atom PDF