Redirect on logout

Support
#1

Hello,
I am using Jmix v1 (1.5.4 right now).
I have my app running on host using apache for making it available through https://<host_domain_name>.
On logout the app redirects to http://localhost:port but I want to stay at https://<host_domain_name>.
Can you please help me with to achieve that?

Thank you,
Ilias

1 Like
#4

I am seeing the same thing happen on jmix 2.3.0. I have a user with Firefox and after logout she is redirected to http instead of https. My server requires https traffic, so she does not get the login screen after log out.

#5

Some more details on what I see.

  • I navigate my browser to https://app.server.com and log in
  • When I click log out, my browser is redirected to https://app.server.com
  • That request is responded with 302 redirect to http://app.server.com/login. Note this is non-secure http
  • My browser at this time (Chromium on Linux) then appears to try both the http and https version of that address and due to my ignoring of http traffic, only the https one works.
  • Using FireFox, if I navigate to https://app.server.com, the initial redirect does not use https and this browser does not seem to try it. I will look for a FireFox setting to see if there is some relief there.

Ideally, the redirect from https://app.server.com to the login page would preserve the https.

#7

Did some more research and found a solution. The specifics of my situation are:

  • Requests come into an AWS load balancer (ALB)
  • SSL is terminated at the ALB and only http traffic is sent to the EC2 server
  • ALB does not accept any outside http traffic (only https)
  • tomcat wants to redirect to http because that is what it sees
  • added properties (below) to tell tomcat to pay attention to the x-forwarded-proto header
  • Success - now tomcat redirects to the https version of the URLs

Found solution at Spring documentation: Enable HTTPS When Running Behind a Proxy Server

Added these 2 lines to my application.properties file:

server.tomcat.remoteip.remote-ip-header=x-forwarded-for
server.tomcat.remoteip.protocol-header=x-forwarded-proto
2 Likes