Reputation: 4088
When using Spring redirects browser changes request from HTTPs to HTTP
All request comes on HTTPs and internally managed on HTTP. Everything works fine until it hits re-direct return "redirect:/link/somePage.htm";
The moment redirect is called, Chrome browser complains about insecure page and the message displayed is The information you’re about to submit is not secure. The same works fine on Firefox.
Of course redirect causes link to change from HTTPs to HTTP on Chrome. Where as Firefox has no issue.
Has anyone encountered this recently on above mentioned browsers or something underline has changed, which would mean deeper investigation.
Firefox - 81.0.2 & 83.0, Chrome - 87.0.4280.88
Upvotes: 1
Views: 703
Answers (2)
Reputation: 1
We had this problem, reported to me on Monday (12/14/2020). It was reproduceable on Tuesday (12/15/2020). Today, Wednesday (12/16/2020) we do not get the warning from Chrome. No changes have been made to the site. However, accessing the site with lighthouse, does report the problem. Did something happen to change the detection or reporting?
Upvotes: 0
Reputation: 368
We searched for a solution all day long. We found that we need to add the following headers:
- For Appache server:
RequestHeader set X-Forwarded-Proto https - For NGINX server:
proxy_set_header X-Forwarded-Proto $scheme;
Another possible solution on NGINX with reverse proxy is to use the command :
proxy_redirect http:// https://;
Upvotes: 1
Related Questions
- Spring MVC "redirect:" prefix always redirects to http -- how do I make it stay on https?
- Spring Boot redirect HTTP to HTTPS
- How to configure Spring Security to use https redirect after login?
- spring boot automatic redirect http to https
- Disable spring security https redirecting
- Redirects been downgraded from Https to Http
- Redirect to HTTPS fails Spring Security
- Spring Security does not redirect HTTP to HTTPS
- Cannot stop Spring redirecting https to http
- Adding HTTPS support causes loop redirection