@aleksandrychev aleksandrychev commented Sep 29, 2025

HTTP_HOST can be manipulated via Host header and for this reason http to https redirect will be handled on the UI.

Ticket: ENT-11481
Signed-off-by: Ihor Aleksandrychiev <ihor.aleksandrychiev@northern.tech>

together: https://github.com/cfengine/mission-portal/pull/2906


@nickanderson nickanderson left a comment

I am not sure about this. It doesn't seem right.

Maybe it would be better to just not support the redirection.

@aleksandrychev

> I am not sure about this. It doesn't seem right.
>
> Maybe it would be better to just not support the redirection.

Yes, at least not in the httpd config. I will re-do this one and open an additional one in the MP.

HTTP_HOST can be manipulated via Host header and for this reason http to https redirect will be handled on the UI.

Ticket: ENT-11481
Signed-off-by: Ihor Aleksandrychiev <ihor.aleksandrychiev@northern.tech>
@aleksandrychev aleksandrychev changed the title from "Use SERVER_ADDR instead of HTTP_HOST in the redirect from http to https" to "ENT-11481: Removed web server redirect from http to https" on Sep 30, 2025
@aleksandrychev

@nickanderson I changed this one and added https://github.com/cfengine/mission-portal/pull/2906

# Force https with redirection
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
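
Review bot: With this RewriteCond/RewriteRule pair gone, nothing at the Apache layer moves a plain-HTTP client to HTTPS, so confirm that whatever still answers on HTTP serves no login form or session cookie before any UI-side redirect runs. The `%{HTTP_HOST}` substitution in the RewriteRule is the part that echoes the client-supplied Host header into the 301 Location; if a server-side redirect is wanted again later, build the target from a fixed, configured hostname instead of `%{HTTP_HOST}`.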

Member

So this drops all http -> https redirection from Apache directly. Seems OK I guess as long as we prevent login and stuff on http.

Member

It will be an HTML (JavaScript) redirect instead.

@aleksandrychev aleksandrychev merged commit be9ba7b into cfengine:master Oct 1, 2025
2 of 3 checks passed