Before adding Nginx and an SSL certificate, I could log in normally using any browser.
However, after adding Nginx and the SSL certificate, I can sign in normally using Mozilla Firefox. But when using Google Chrome, I can't log in; instead I get the following in my log messages:
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"<some token>==", "user"=>{"email"=>"[email protected]", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"LOG IN"}
HTTP Origin header (https://<domain name>) didn't match request.base_url (: https://<domain name>:80)
My Nginx configuration for /
location / {
    proxy_pass http://127.0.0.1:3000;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_set_header X-Forwarded-Proto: $scheme;
}
Note: If I remove proxy_set_header X-Forwarded-Proto: $scheme; from /etc/nginx/conf.d/ssl.conf, the error in the log file changes to:
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"<some token>==", "user"=>{"email"=>"[email protected]", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"LOG IN"}
HTTP Origin header (https://<domain name>) didn't match request.base_url (http://<domain name>:3000)
Is this a bug in Devise?
The expected behavior is being able to login using any browser.
Can you try this?
location / {
    proxy_pass http://127.0.0.1:3000;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
}
Please use StackOverflow for questions/help, where a wider community will be able to help you. We reserve the issues tracker for issues only.
Thank you!
I also encountered the same problem.
I can sign in normally using Mozilla Firefox
But, when using Google Chrome
Parameters: {"utf8"=>"✓", "authenticity_token"=>"zMF4qYg6Lud1Xu7AVjI0L0R8fHn8hp+DZMs6KnYO+au28wuYc+aROk+v3nz0rMd8F1QLRfm+XA2HrqXwBe198g==", "admin"=>{"email"=>"[email protected]", "password"=>"[FILTERED]", "remember_me"=>"1"}, "commit"=>"Log in"}
W, [2018-06-20T14:33:56.208051 #7865] WARN -- : [ca486d8e-3c4d-486d-8fff-6d3764b09a98] HTTP Origin header (https://<domain name>) didn't match request.base_url (http://<domain name>)
I, [2018-06-20T14:33:56.208618 #7865] INFO -- : [ca486d8e-3c4d-486d-8fff-6d3764b09a98] Completed 422 Unprocessable Entity in 2ms (ActiveRecord: 0.0ms)
F, [2018-06-20T14:33:56.209808 #7865] FATAL -- : [ca486d8e-3c4d-486d-8fff-6d3764b09a98]
F, [2018-06-20T14:33:56.209868 #7865] FATAL -- : [ca486d8e-3c4d-486d-8fff-6d3764b09a98] ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
F, [2018-06-20T14:33:56.209920 #7865] FATAL -- : [ca486d8e-3c4d-486d-8fff-6d3764b09a98]
F, [2018-06-20T14:33:56.209987 #7865] FATAL -- : [ca486d8e-3c4d-486d-8fff-6d3764b09a98] vendor/bundle/ruby/2.5.0/gems/actionpack-5.1.6/lib/action_controller/metal/request_forgery_protection.rb:195:in `handle_unverified_request'
I found that Chrome has the header origin: https://<domain name>
But Firefox does not have the origin header.
Resolve:
Set the Nginx header:
proxy_set_header origin 'http://<domain name>';
Hope this helps.
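The Origin comparison behind the log message in this thread, as an added Ruby sketch (not Devise or Rails code, and not from any commenter): it models request.base_url in simplified form and shows which proxy header sets let the check pass. The host names and the helpers base_url, origin_ok? and through_proxy are assumptions made for illustration.

```ruby
# Simplified model of the check that logs
# "HTTP Origin header (...) didn't match request.base_url (...)".
# Assumption: the scheme comes from X-Forwarded-Proto when the proxy sends it,
# otherwise from the plain-HTTP hop between Nginx and the app. Port handling
# and other forwarded headers are left out.

def base_url(headers)
  scheme = headers["X-Forwarded-Proto"] || "http"
  "#{scheme}://#{headers.fetch('Host')}"
end

# A request with no Origin header is accepted; otherwise Origin must equal base_url.
def origin_ok?(headers)
  origin = headers["Origin"]
  origin.nil? || origin == base_url(headers)
end

# Headers as the app sees them: proxy_set_header values override the browser's.
def through_proxy(browser_headers, proxy_set)
  browser_headers.merge(proxy_set)
end

SITE = "app.example.test" # constructed host name

# Three proxy configurations (constructed): no scheme forwarded, scheme
# forwarded, and Origin overwritten with a fixed value at the proxy.
NO_PROTO     = { "Host" => SITE }
WITH_PROTO   = { "Host" => SITE, "X-Forwarded-Proto" => "https" }
FORCE_ORIGIN = { "Host" => SITE, "Origin" => "http://#{SITE}" }

# Three browser requests (constructed).
SAME_SITE  = { "Origin" => "https://#{SITE}" }
NO_ORIGIN  = {}
CROSS_SITE = { "Origin" => "https://other.example.test" }

def results
  {
    no_proto_same_site:      origin_ok?(through_proxy(SAME_SITE, NO_PROTO)),
    no_proto_no_origin:      origin_ok?(through_proxy(NO_ORIGIN, NO_PROTO)),
    with_proto_same_site:    origin_ok?(through_proxy(SAME_SITE, WITH_PROTO)),
    with_proto_cross_site:   origin_ok?(through_proxy(CROSS_SITE, WITH_PROTO)),
    force_origin_cross_site: origin_ok?(through_proxy(CROSS_SITE, FORCE_ORIGIN)),
  }
end

results.each { |name, ok| puts format("%-24s %s", name, ok ? "accepted" : "rejected") }
```

In the last case the fixed Origin value set at the proxy makes a cross-site request pass, so the check no longer distinguishes origins. Forwarding the scheme with X-Forwarded-Proto (the header name written without a trailing colon in proxy_set_header) lets the same-site request pass while the cross-site one is still rejected.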