Defect #40490
openlogin page back_url always use http not https
0%
Description
I hava a Redmine 5.1.2.stable executed in container, and I use Apache HTTPD to proxy https to http port 3000. Evertyhing is working perfect, but my webpage is scaned by system and get a "Site does not enforce HTTPS" issue.
It says my login URL's back_url is http, not https. But all my service is running in https URL. How can I solve this issue to be
https://redmine.XXX.com/login?back_url=https%3A%2F%2Fredmine.XXX.com%2F
not
https://redmine.XXX.com/login?back_url=http%3A%2F%2Fredmine.XXX.com%2F
Related issues
Updated by C S about 1 year ago
Make sure that under Administration->Configuration the protocol has been set from http to https...
Updated by Bill Hsu about 1 year ago
C S wrote in #note-1:
Make sure that under Administration->Configuration the protocol has been set from http to https...
Already configure as https, and work fine. Only login's back_url not work.
Updated by Go MAEDA about 1 year ago
Does adding the following configuration to the reverse proxy server set up with Apache fix the problem?
RequestHeader set X-Forwarded-Proto "https"
Updated by Marius BĂLTEANU 5 months ago
- Status changed from New to Needs feedback
- Assignee set to Bill Hsu
Updated by Go MAEDA 2 months ago
- Related to Defect #40707: Need update back_url definition to use relative url added