-
Notifications
You must be signed in to change notification settings - Fork 21.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ActiveStorage redirects attachment URLs from HTTPS to HTTP during service.url call #32255
Comments
Your disk service is configured with an HTTP host (the default is local:
service: Disk
root: <%= Rails.root.join("storage") %>
host: https://localhost:3000 (The |
as a palliative:
|
I am using activestorage (= 6.0.0) and this is still happening. ~ $ http https://estreias.net/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBHdz09IiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--c288ffa46e59e8ac436245887b07e01792224bcd/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9VY21WemFYcGxYM1J2WDJ4cGJXbDBXd2RwQWl3QmFRSXNBUT09IiwiZXhwIjpudWxsLCJwdXIiOiJ2YXJpYXRpb24ifX0=--5fc8499e3ccc27d79b7ab0d943847989a94d1df6/bomba_ompuff-300x300.jpg
HTTP/1.1 302 Found
Cache-Control: max-age=300, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Date: Tue, 19 Nov 2019 00:36:46 GMT
Location: http://estreias.net/rails/active_storage/disk/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDRG9JYTJWNVNTSnJkbUZ5YVdGdWRITXZkakk1WjJoM2NUQnROSFkyTjNaNGJtSjVPWFI2TXpkcGR6YzNOQzlrT1RWallUTm1OV013WTJWbU1HSm1PR1kwT1dVMU5XVXhORFEyWTJabVlqSXhNVEZqTW1FNVlqQmhNV1ZoWTJGaVpETmpOR0l4Tm1KbVlqRmhPRGN3QmpvR1JWUTZFR1JwYzNCdmMybDBhVzl1U1NKYmFXNXNhVzVsT3lCbWFXeGxibUZ0WlQwaVltOXRZbUZmYjIxd2RXWm1MVE13TUhnek1EQXVhbkJuSWpzZ1ptbHNaVzVoYldVcVBWVlVSaTA0SnlkaWIyMWlZVjl2YlhCMVptWXRNekF3ZURNd01DNXFjR2NHT3daVU9oRmpiMjUwWlc1MFgzUjVjR1ZKSWc5cGJXRm5aUzlxY0dWbkJqc0dWQT09IiwiZXhwIjoiMjAxOS0xMS0xOVQwMDo0MTo0Ni4wOTZaIiwicHVyIjoiYmxvYl9rZXkifX0=--dbb235875c4ca91b738c43d2ce2aeb463be416bf/bomba_ompuff-300x300.jpg?content_type=image%2Fjpeg&disposition=inline%3B+filename%3D%22bomba_ompuff-300x300.jpg%22%3B+filename%2A%3DUTF-8%27%27bomba_ompuff-300x300.jpg
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx/1.14.0 (Ubuntu)
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: c6a2b1d7-ede2-4768-b744-b3991c349efa
X-Runtime: 0.009339
X-XSS-Protection: 1; mode=block
<html><body>You are being <a href="http://estreias.net/rails/active_storage/disk/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDRG9JYTJWNVNTSnJkbUZ5YVdGdWRITXZkakk1WjJoM2NUQnROSFkyTjNaNGJtSjVPWFI2TXpkcGR6YzNOQzlrT1RWallUTm1OV013WTJWbU1HSm1PR1kwT1dVMU5XVXhORFEyWTJabVlqSXhNVEZqTW1FNVlqQmhNV1ZoWTJGaVpETmpOR0l4Tm1KbVlqRmhPRGN3QmpvR1JWUTZFR1JwYzNCdmMybDBhVzl1U1NKYmFXNXNhVzVsT3lCbWFXeGxibUZ0WlQwaVltOXRZbUZmYjIxd2RXWm1MVE13TUhnek1EQXVhbkJuSWpzZ1ptbHNaVzVoYldVcVBWVlVSaTA0SnlkaWIyMWlZVjl2YlhCMVptWXRNekF3ZURNd01DNXFjR2NHT3daVU9oRmpiMjUwWlc1MFgzUjVjR1ZKSWc5cGJXRm5aUzlxY0dWbkJqc0dWQT09IiwiZXhwIjoiMjAxOS0xMS0xOVQwMDo0MTo0Ni4wOTZaIiwicHVyIjoiYmxvYl9rZXkifX0=--dbb235875c4ca91b738c43d2ce2aeb463be416bf/bomba_ompuff-300x300.jpg?content_type=image%2Fjpeg&disposition=inline%3B+filename%3D%22bomba_ompuff-300x300.jpg%22%3B+filename%2A%3DUTF-8%27%27bomba_ompuff-300x300.jpg">redirected</a>.</body></html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I setup a self-signed SSL and configured in Puma, was working fine for most things but does not get applied to the disk service url in ActiveStorage. This occurs for both the original upload files and their variants. I have not checked this behavior on other services.
Here is the log revealing the redirect does not apply the SSL (I have truncated the file keys for brevity):
I am fairly confident (not 100%) the redirect is occurring On line ~12 of the Representations_Controller which is using a URL generated by the disk_service but I lost the trail with the call to
url_helpers.rails_disk_service_path
. Doing a search for "rails_disk_service_path" yields one result, the line in question. This issue may be a defect inurl_helpers.rails_disk_service_path
, but I cannot find where this method is defined to attempt a patch.Steps to reproduce
config.force_ssl = true
to config/environments/development.rbport ENV.fetch("PORT") { 3000 }
and add this block:Expected behavior
Page should load over HTTPS and the image should load over HTTPS.
Actual behavior
Page loads as normal, image URLs are redirect from HTTPS to HTTP which will not load locally when running with SSL with disk service storage.
System configuration
Rails version: 5.2.0.rc1
Ruby version: 2.5.0p0 (2017-12-25 revision 61468) [x86_64-darwin15]
Chrome version: 64.0.3282.186 (Official Build) (64-bit)
Safari version: 11.0.3 (11604.5.6.1.1)
The text was updated successfully, but these errors were encountered: