Force HTTPS redirect on heroku

[commjoen]

During our webinar with GitGuardian, we demoed the app , by mistake using http at heroku, which led to an issue with the cookies, not keeping our progress.

Therefore we need to make sure that at Heroku we keep redirecting http traffic to https, with for instance, https://devcenter.heroku.com/articles/preparing-a-spring-boot-app-for-production-on-heroku#force-the-use-of-https

[commjoen]

solution: make sure there is a configuration parameter for thespring boot app on whether redirectohttps is set, and make sure this is then activated in the Dockerfile.web .

[nbaars]

Can't you use the the proposed example from Heroku? Seems a valid configuration and does not interfere with running it locally:

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.requiresChannel()
      .requestMatchers(r -> r.getHeader("X-Forwarded-Proto") != null)
      .requiresSecure();
  }
}

[commjoen]

Yes that is the one I meant with https://devcenter.heroku.com/articles/preparing-a-spring-boot-app-for-production-on-heroku#force-the-use-of-https but I thought it would cause some interference on some of our deployment variants

[commjoen]

hmm it seems i need to have another version of spring security for this.. let me check

[commjoen]

@nbaars this solution will put on spring cloud security with auth :(

[commjoen]

Fixed with #173