HTTP OAuth calback is requested even if HTTPS is enabled

seanthegeek · June 22, 2015, 11:23pm

I have HTTPS enabled on my site, enforced by a 301 redirect from HTTP to HTTPS by the reverse proxy in front of it. When I tried to login with Google, Google complained that the requested callback URL did not match the registered callback URL, the difference being that the registered callback URL uses HTTPS, and the requested URL uses HTTP…

sam · June 22, 2015, 11:48pm

That would be the cause, you need to ensure NGINX has the headers set correctly, when we need to enforce this we add:

 - replace:
         filename: /etc/nginx/conf.d/discourse.conf
         from: $thescheme;
         to: https;
         global: true

seanthegeek · June 23, 2015, 1:19am

Where does that go? I tried adding it web_only.yml, under

hooks:
  after_code:

And got

Errno::ENOENT: No such file or directory - /etc/nginx/conf.d/discourse.conf

sam · June 23, 2015, 1:23am

after_web_config:

https://github.com/discourse/discourse_docker/blob/master/templates/web.template.yml#L121

JammyDodger · June 8, 2024, 12:46pm

This topic was automatically closed after 3273 days. New replies are no longer allowed.

Topic		Replies	Views
Oauth2 redirect_uri uses HTTP when my forum is using HTTPS SSO oauth2	6	1548	July 8, 2018
Redirect URI mismatch in Google Auth Support	2	971	August 16, 2019
I can not redirect http to https Support	0	671	August 30, 2021
SSL problem with SSL proxy Installation	6	715	July 13, 2022
Fixing SSL mixed content errors with external NGINX proxy via UNIX socket Installation	2	1055	December 29, 2019

HTTP OAuth calback is requested even if HTTPS is enabled

Related Topics