15107: Fix redirect target rewriting.
authorTom Clegg <tclegg@veritasgenetics.com>
Tue, 12 Nov 2019 21:07:34 +0000 (16:07 -0500)
committerTom Clegg <tclegg@veritasgenetics.com>
Tue, 12 Nov 2019 21:07:34 +0000 (16:07 -0500)
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg@veritasgenetics.com>

lib/controller/railsproxy/railsproxy.go
services/api/config/application.rb

index 54257cffc57d9a84eb946b73f3704607c1b9c45e..ba1c323ba67a377e7eabc40be6eb5fa4762ef381 100644 (file)
@@ -8,7 +8,6 @@ package railsproxy
 
 import (
        "fmt"
-       "net/http"
        "net/url"
        "strings"
 
@@ -38,10 +37,5 @@ func NewConn(cluster *arvados.Cluster) *rpc.Conn {
        if err != nil {
                panic(err)
        }
-       conn := rpc.NewConn(cluster.ClusterID, url, insecure, rpc.PassthroughTokenProvider)
-       // If Rails is running with force_ssl=true, this
-       // "X-Forwarded-Proto: https" header prevents it from
-       // redirecting our internal request to an invalid https URL.
-       conn.SendHeader = http.Header{"X-Forwarded-Proto": []string{"https"}}
-       return conn
+       return rpc.NewConn(cluster.ClusterID, url, insecure, rpc.PassthroughTokenProvider)
 }
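Review bot: After this change nothing in NewConn records how internal plain-http requests avoid the force_ssl redirect, because the removed comment was the only place in this function that explained it. The behaviour now depends on the Rails setting added in services/api/config/application.rb, so I would put a comment above the return, for example `// Relies on services/api setting config.ssl_options = {redirect: false}; with redirects enabled, force_ssl would bounce these internal http requests.` Without the header, Rails presumably also treats these requests as non-SSL when it builds URLs, which is worth mentioning in the same comment if that is the intended fix. NewConn's body starts outside the hunk, so the handling of `url` and `insecure` is not visible here.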
index 9a4270ad9df4384d88c97cf100ae83790a1a35ba..f211ec9e0cde5c67160bda1bde97e20cdb7861a8 100644 (file)
@@ -76,6 +76,11 @@ module Server
 
     config.action_dispatch.perform_deep_munge = false
 
+    # force_ssl's redirect-to-https feature doesn't work when the
+    # client supplies a port number, and prevents arvados-controller
+    # from connecting to Rails internally via plain http.
+    config.ssl_options = {redirect: false}
+
     I18n.enforce_available_locales = false
 
     # Before using the filesystem backend for Rails.cache, check
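Review bot: `config.ssl_options = {redirect: false}` is set unconditionally, so the http-to-https redirect is switched off for every client that can reach Rails over plain http, not only for arvados-controller. The comment explains why the redirect got in the way, but not what keeps cleartext requests from external clients away from this listener. I would add the deployment assumption to it, for example `# Assumes Rails is reachable over plain http only from arvados-controller / the local reverse proxy; external clients must arrive through TLS termination.` If that assumption does not hold in some installs, API tokens sent over http would be accepted silently, so a check or log line for non-SSL requests from non-local peers may be worth considering.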