[ARVADOS] created: 1.3.0-1853-gc00d9e159

[Git user]

        at  c00d9e1595d07e6941bb2fbfb8b4e57c3c4ba856 (commit)


commit c00d9e1595d07e6941bb2fbfb8b4e57c3c4ba856
Author: Tom Clegg <tclegg at veritasgenetics.com>
Date:   Tue Nov 12 16:07:34 2019 -0500

    15107: Fix redirect target rewriting.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg at veritasgenetics.com>

diff --git a/lib/controller/railsproxy/railsproxy.go b/lib/controller/railsproxy/railsproxy.go
index 54257cffc..ba1c323ba 100644
--- a/lib/controller/railsproxy/railsproxy.go
+++ b/lib/controller/railsproxy/railsproxy.go
@@ -8,7 +8,6 @@ package railsproxy
 
 import (
 	"fmt"
-	"net/http"
 	"net/url"
 	"strings"
 
@@ -38,10 +37,5 @@ func NewConn(cluster *arvados.Cluster) *rpc.Conn {
 	if err != nil {
 		panic(err)
 	}
-	conn := rpc.NewConn(cluster.ClusterID, url, insecure, rpc.PassthroughTokenProvider)
-	// If Rails is running with force_ssl=true, this
-	// "X-Forwarded-Proto: https" header prevents it from
-	// redirecting our internal request to an invalid https URL.
-	conn.SendHeader = http.Header{"X-Forwarded-Proto": []string{"https"}}
-	return conn
+	return rpc.NewConn(cluster.ClusterID, url, insecure, rpc.PassthroughTokenProvider)
 }
diff --git a/services/api/config/application.rb b/services/api/config/application.rb
index 9a4270ad9..f211ec9e0 100644
--- a/services/api/config/application.rb
+++ b/services/api/config/application.rb
@@ -76,6 +76,11 @@ module Server
 
     config.action_dispatch.perform_deep_munge = false
 
+    # force_ssl's redirect-to-https feature doesn't work when the
+    # client supplies a port number, and prevents arvados-controller
+    # from connecting to Rails internally via plain http.
+    config.ssl_options = {redirect: false}
+
     I18n.enforce_available_locales = false
 
     # Before using the filesystem backend for Rails.cache, check

-----------------------------------------------------------------------


hooks/post-receive
--