Announcement Announcement Module
No announcement yet.
Do redirects over HTTPS when the web server is running over HTTP Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Do redirects over HTTPS when the web server is running over HTTP

    This one is a bit thorny - we're running a Apache over HTTPS in front of our web servers, which run over HTTP. So the client interacts with Apache over HTTPS which than passes the request to a web server over HTTP.
    Since the web server running the application is on HTTP, then when Spring Security does a redirect, that's done over HTTP - Apache will pass that back to the client as is - and the client will now do a request over HTTP.
    This request will be blocked by the browser, since it's on a different protocol, because the Same Origin Policy is kicking in (it's an Ajax XHTTP request).
    So, what I was hoping I could do is to configure Spring Security to do the redirects over HTTPS, even if it's actually running on HTTP - essentially overriding the protocol somehow - either manually (which I can probably do based on the referrer information) or, if possible, automatically. The goal to have redirects on HTTPS is that the client would get them and do them on HTTPS, as it should, so the Same Origin Policy won't block the request.
    So, my question is if this is possible somehow, or if there is a better solution to approach this (other than running the web server over HTTPS, or using Apache itself to change the protocol in the redirect - which are external solutions).

    Any help is appreciated - this is a tricky one.
    Last edited by eugenparaschiv; May 30th, 2012, 04:32 AM.