Initial startup redirect (http vs https)


#1

Hi All,

Whenever I start up an application the first call gets redirected…

eg
http://www.mysite.com/
to
http://www.mysite.com/index.cfm?furl=/

Normally I wouldn’t have an issue , but in the case I’m doing an ajax call from a remote site over https and the redirected address gets pushed back as an http call throwing a ‘Mixed content’ error killing the ajax call.

eg
https://www.mysite.com/
to
http://www.mysite.com/index.cfm?furl=/

Can anyone point me to where this is happing because I’d like to add a

application.fapi.getConfig("environment", "*canonicalProtocol*", "")

to the front of it.

Cheers
Phil


#2

what does your rewrite rule for your web server look like?


#3

Yeah I’m pretty sure it’s related to my server setup. I use nginx to handle 80 and 443 requests and proxy through to apache running on port 81.
The reason I use nginx is so that I can use multiple ssl’s on the same IP. And the reason I haven’t abandoned apache is because I use mod_security.

RewriteRule ^([a-zA-Z0-9/-%+:[]{}|;<>?,*!@#$\ ()^_`~]*)$ /index.cfm?furl=$1 [L,PT,QSA]


#4

Does your Apache config ServerName include the protocol (https://)? I
think that can sometimes be a reason for getting switched off https during
a redirect.


#5

Thanks Justin, I’ll try the ServerName change tonight although I’d never heard of that done before :face_with_raised_eyebrow:.

If I add it into the redirect it to the redirect I get a bad request.
RewriteRule ^([a-zA-Z0-9/-%+:[]{}|;<>?,*!@#$\ ()^_`~]*)$ https://%{HTTP_HOST}/index.cfm?furl=$1 [L,PT,QSA]

Of course my issue only occurs of the very first request to the application. After that it’s fine. I guess I could do a work around by making a scheduled call after the server starts.
Phil


#6

Yeah sounds like it. I’m not sure what to recommend. The rewrite rule looks correct. Maybe handle it in nginx instead of Apache