@jonkafton

What are the relevant tickets?

Closes https://github.com/mitodl/hq/issues/5836

Description (What does it do?)

Adds a middleware function to redirect any traffic on HTTP to HTTPS.

Redirects for requests to http://mit.learn.edu are handled by the CDN, though this change blocks content from being served over HTTP if the assigned Next.js server domains are addressed directly. This is very much an edge case as we have a CORS list, though this was highlighted while we had a whitelisted domain before the CDN was set up on RC.

How can this be tested?

Build the app for production and test that it redirects to HTTPS.

  • Run yarn build
  • Run PORT=8062 yarn start
  • Add an /etc/hosts file entry to 127.0.0.1 that does not include the string "local", e.g. 127.0.0.1 testing.
  • Navigate to http://testing:8062/
  • You should be redirected to https://testing:8062/ (where locally you'll see an SSL error).
  • Paths and search params should be preserved.

@shanbady shanbady self-requested a review October 23, 2024 13:38
@shanbady shanbady self-assigned this Oct 23, 2024

@shanbady shanbady left a comment

Changes here appear to work. Discovered a separate issue with local Node setup, which Jon has cut separate issues for.

@jonkafton

jonkafton commented Oct 23, 2024

For attention on RC when we release: There is a possibility that this will cause a redirect loop if the x-forwarded-proto header is not exactly "https".
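
The redirect-loop concern raised in this thread, as an added example that is not the merged middleware code: a standalone decision function that normalizes the x-forwarded-proto value (case, whitespace, comma-separated chains) before comparing it to "https". The function names, the plain-object header shape, the "first entry is the client-facing hop" reading of a chained value, and the "local" hostname exemption (inferred from the test steps) are assumptions.

```javascript
// Added example; names are hypothetical and this is not the project's code.

// Normalize an X-Forwarded-Proto value. Proxies may send "HTTPS",
// " https " or a chained list such as "https, http". Assumption: the
// first entry describes the client-facing hop.
function forwardedProto(headerValue) {
  if (typeof headerValue !== "string") return null;
  const first = headerValue.split(",")[0].trim().toLowerCase();
  return first === "" ? null : first;
}

// Returns the HTTPS URL to redirect to, or null when the request should
// be served as-is. `headers` is a plain object keyed by lower-cased
// header name (constructed input shape for this example).
function httpsRedirectTarget(requestUrl, headers) {
  const url = new URL(requestUrl);

  // Assumption drawn from the test steps: hostnames containing "local"
  // are exempt so local development keeps working over HTTP.
  if (url.hostname.includes("local")) return null;

  // The header only means something when a trusted proxy sets it; when
  // it is absent, fall back to the scheme of the request URL itself.
  const proto = forwardedProto(headers["x-forwarded-proto"]);
  const effective = proto !== null ? proto : url.protocol.replace(":", "");

  // Comparing the normalized value avoids redirecting a request that
  // already arrived over HTTPS, which is what would cause the loop.
  if (effective === "https") return null;

  url.protocol = "https:"; // host, port, path and query are preserved
  return url.toString();
}
```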

@jonkafton jonkafton merged commit 739b5bd into main Oct 23, 2024
12 checks passed
@rhysyngsun rhysyngsun deleted the jk/5836-ssl-redirect branch February 7, 2025 20:39