Active_model_serializers: Related links being sent over http instead of https
Expected behavior vs actual behavior
I have force_ssl on, so I want my related links to have https:// instead of http://
Steps to reproduce
- Start project with rails.
- Add
config.force_ssl = true - Create user resource with nested comments
- Add user serializer with:
has_many :comments do
link :related do
user_comments_url(user_id: object.id)
end
include_data false
end
- Related links will only have
http
Environment
ActiveModelSerializers Version _(commit ref if not on tag)_: v0.10.2
Output of ruby -e "puts RUBY_DESCRIPTION": ruby 2.2.3p173 (2015-08-18 revision 51636) [x86_64-darwin14]
OS Type & Version: OS X v10.11.5
Integrated application and version _(e.g., Rails, Grape, etc)_: Rails
Backtrace
_(e.g., provide any applicable backtraces from your application)_
On Ember app, I get this javascript error:
Mixed Content: The page at 'https://test.com/users/1' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://api.test.com/users/1/comments'. This request has been blocked; the content must be served over HTTPS.
djsegal
All 5 comments
@djsegal Good catch for the documentation. The links are generated by Rails url helpers, which are just included in the Link) object
This most likely is a missing Rails config, but just to make sure:
What's the value of SerializationContext.url_helpers and SerializationContext.default_url_options?
They should be the same as Rails.application.routes.url_helpers and Rails.application.routes.default_url_options unless the Railtie is broken somehow.
Rails.application.routes.default_url_options[:protocol] should be https. See https://github.com/rails/rails/blob/4-2-stable/actionpack/lib/action_dispatch/routing/url_for.rb#L118
bf4
on 28 Jul 2016
_note: ___blank___.url_helpers is a module so i just checked the difference b/w method arrays_
| command | result |
| --- | :-: |
| ActiveModelSerializers::SerializationContext.default_url_options | {:host=>"api.test.com"} |
| Rails.application.routes.default_url_options | {:host=>"api.test.com"} |
| ActiveModelSerializers::SerializationContext.url_helpers.methods - Rails.application.routes.url_helpers.methods | [] |
| Rails.application.routes.url_helpers.methods - ActiveModelSerializers::SerializationContext.url_helpers.methods | [] |
djsegal
on 28 Jul 2016
@djsegal I don't think ActiveModelSerializers::SerializationContext.url_helpers.methods - Rails.application.routes.url_helpers.methods is what you're looking for. See the action dispatch link I pasted above. Most of these methods are dynamic, so, in terms of equality, checking object_id would be more appropriate, or checking for url_for, I guess. (Maybe try public_methods instead of methods).
In any case, unless you can show they are different, i.e. the bug is in AMS setting them up, the bug is in your Rails routing config :)
bf4
on 28 Jul 2016
@bf4, you're correct. closing the issue.
for future reference:
- to solve the problem, I added the following
initializer:
# ./config/initializers/force_ssl.rb
if Rails.application.config.force_ssl
Rails.application.routes.default_url_options[:protocol] = 'https'
end
@djsegal so much ❤️ ✨ for coming back and sharing your resolution! Do you think we should add this to the documentation?
bf4
on 29 Jul 2016
Related issues
PratheepV
·
4Comments
steverob
·
4Comments
yjukaku
·
5Comments
AlexCppns
·
5Comments
iggant
·
4Comments
Most helpful comment
@bf4, you're correct. closing the issue.
for future reference:
initializer: