-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
scheme wss is not allowed #1730
Comments
I found a related issue on Traefik's tracker, where the maintainers argue that To work around the present issue in Rack, it is possible to rely on one of the alternative detection mechanisms implemented in For example, setting the labels:
# ...
- 'traefik.http.middlewares.forward_ssl.headers.customrequestheaders.x-forwarded-ssl=on'
- 'traefik.http.routers.https_router.middlewares=forward_ssl' This feels hacky though, and adding wss/ws to the ALLOWED_SCHEMES constant seems to be a more reliable fix indeed. |
I think adding it to |
@erwanst Yeah, that how I solved the issue temporally. Sorry for not mentioning, it would have been helpful for others. @ioquatix Great. From my perspective, it makes especially sense after |
#1742 adds both |
This change improves SSL detection in apps running behind some reverse-proxies. Fixes #1730
Hello,
my ActionCable connections stopped working after I have upgraded Traefik. After some investigation, I think the problem is the changed
X-Forwarded-Proto
header which now ist set towss
instead ofhttps
. ActionCable verifies the origin of a request and if the request is allowed with the help of theRack::Request#ssl?
method.The method
ssl?
would returntrue
if thescheme
is detected ashttps
orwss
.The problem is that
scheme
returnsnil
although the headerX-Forwarded-Proto
is set towss
.I suggest to add
wss
and maybews
to theALLOWED_SCHEMES
constant so that theforwarded_scheme
method can extract it.What do you think?
The text was updated successfully, but these errors were encountered: