I have two Jetty AppServers that run the Grails web application behind Apache 2.2 reverse proxies. SSL disabling is performed by Apaches that send HTTP to Jetty AppServers.
When the Grails web application redirects this way
redirect(action:'index')
the end user receives an HTTP 302 redirect request with the full URL that uses the http: // protocol, not https: //:
HTTP/1.1 302 Found Date: Tue, 08 Mar 2011 17:50:46 GMT Server: Jetty(6.1.17) Expires: Thu, 01 Jan 1970 00:00:00 GMT Location: http://hostname.domain/web/?lang=en
This is annoying because all HTTP requests go to the proxy server and are redirected to HTTPS requests. So this is an extra round.
I see two solutions:
- Apache mod_proxy can rewrite this Location-https: // header before passing the response to the user. (Can it?)
- Grails may simply not use absolute URLs when redirecting:
Location: /web/?lang=en
The first option is a little stupid, I think, right?
Do you have any idea how I can get grails to send non-absolute redirect headers (ideally without switching each redirect to using uri: ?
EDIT: At the moment, I have a workaround after the first approach, changing the response headers ( a2enmod headers , and then add Header edit Location ^http://(.*)$ https://$1 in <Location> ). Inspiration comes from this serverfault post . I would still like to know why this is necessary in the first place.
source share