Bug 1340180 - Redirecting from HTTPS to HTTP fails in this Rails 4 app [NEEDINFO]
Summary: Redirecting from HTTPS to HTTP fails in this Rails 4 app
Alias: None
Product: OpenShift Online
Classification: Red Hat
Component: Image
Version: 2.x
Hardware: All
OS: Unspecified
Target Milestone: ---
Assignee: Rory Thrasher
QA Contact: Wang Haoran
Depends On:
Reported: 2016-05-26 15:56 UTC by none
Modified: 2017-05-31 18:22 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-05-31 18:22:11 UTC
Target Upstream Version:
rthrashe: needinfo? (l88629)


Description none 2016-05-26 15:56:34 UTC
When the user is on HTTP, he can successfully be redirected to an HTTPS (SSL) URL.

However, when I want to **do the reverse**, it creates an **infinite redirection loop**.

Here is the redirection code from the application_controller's `before_action`:

    def debug_toggle_ssl
      # Send the request to the non-SSL host when ?x=yes is present
      if params[:x].eql?('yes')
        redirect_to "http://NONSSL.tld#{request.fullpath}"
      end
    end

With that, the issue may be reproduced like so:

1. Direct browser to https://SSL.tld
2. Try to open https://SSL.tld/?x=yes
3. Notice how a loop to https://SSL.tld is caused (http://NONSSL.tld is never even requested)

Actual results: Redirect to SSL URL (thus causing a loop)

Expected results: Redirect to non-SSL URL

Additional info: See also http://stackoverflow.com/q/36781860/569825

Comment 2 none 2016-08-14 23:57:56 UTC
Please inform if there is intention to solve this bug and when resolution is expected.

Our app and thus the further use of OpenShift Online as customers strongly depends on its resolution.

Comment 3 el reporto 2017-01-18 20:56:48 UTC
We're experiencing the same issue on our app. What's the current status?

Comment 4 Rory Thrasher 2017-01-20 22:32:20 UTC
Thanks for your patience.  I previously was unable to reproduce the issue, but I'll be trying again shortly.  I'll let you know what I find.

Comment 5 el reporto 2017-02-20 17:54:10 UTC
Any news on reproducing the issue yet? Any way we can help?

Comment 6 Rory Thrasher 2017-02-27 21:52:29 UTC
As I'm continuing to look into this, can you go over your use case?  It seems odd to be intentionally redirecting to the less secure http.  If I know your use case I may be able to find an alternative solution.

Comment 7 Eric Paris 2017-05-31 18:22:11 UTC
We apologize, however, we do not plan to address this report at this time. The majority of our active development is for the v3 version of OpenShift. If you would like for Red Hat to reconsider this decision, please reach out to your support representative. We are very sorry for any inconvenience this may cause.
