HTTP Origin header didn't match request.base_url
I have currently spent a few days trying to solve this issue. As it currently stands, whenever I log in to my Rails 5 application on production through Chrome I get this error. I am running rails version 5.1.5, ruby 2.3.1, and nginx/1.10.3. My application is running on an EC2 instance behind an ELB (elastic load balancer) with a forwarding rule of http on port 80 to https on port 443. I am well aware that this issue is stemming from the fact that my request headers are indicating the origin is different than the destination. I am also aware that this can be rectified by updating my nginx.conf file or disabling Rails' CSRF protections (which wouldn't be a viable solution for me for security concerns, as I understand it). I have attempted to solve this issue by manually setting headers in the application_controller via a before_action, but that did not work. I have also attempted to update my nginx.conf file with the examples I have found on SO and other places, but that simply results in 502 gateway errors. The issue is that the syntax of the examples I find is either somehow not compatible or I am just making every possible clerical error; I legitimately made additions a line at a time, rebooted the server and redeployed, and still no luck. Ideally I would like to solve the problem on the rails side if at all possible. My attempt at setting the header didn't work:

application_controller.rb

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception, prepend: true
  before_action :set_https_header

  private

  # Adds a clickjacking-protection header to the response; it has no
  # effect on the Origin / request.base_url comparison done by
  # protect_from_forgery, which is why this did not change the error.
  def set_https_header
    response.set_header('X-Frame-Options', 'SAMEORIGIN')
  end
end

If I have to update the ngnix.conf could someone please provide some rhyme or reasoning around the syntax.

production.rb

Rails.application.configure do
  config.cache_classes = true
  config.eager_load = true
  config.consider_all_requests_local       = false
  config.action_controller.perform_caching = true

  config.read_encrypted_secrets = true
  config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
  config.assets.js_compressor = Uglifier.new(harmony: true)

  # Do not fall back to the assets pipeline if a precompiled asset is missed;
  # see config/initializers/assets.rb
  config.assets.compile = false

  # config.force_ssl = true
  config.log_level = :debug
  config.log_tags = [ :request_id ]

  config.action_mailer.perform_caching = false
  config.i18n.fallbacks = true
  config.active_support.deprecation = :notify
end

nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;
        gzip_disable "msie6";

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}


        #mail {
        #       # See sample authentication script at:
        #       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
        # 
        #       # auth_http localhost/auth.php;
        #       # pop3_capabilities "TOP" "USER";
        #       # imap_capabilities "IMAP4rev1" "UIDPLUS";
        # 
        #       server {
        #               listen     localhost:110;
        #               protocol   pop3;
        #               proxy      on;
        #       }
        # 
        #       server {
        #               listen     localhost:143;
        #               protocol   imap;
        #               proxy      on;
        #       }
        #}
Linis answered 27/9, 2018 at 4:43 Comment(0)

You need to add a header to the nginx configuration (there is another file with the server configuration, not nginx.conf); here is an example:

server {
  listen 80;
  server_name server.com www.server.com;
  # some configuration here

  location @server {
    # ... some configuration here
    # this sets the proper header
    proxy_set_header Host www.my_actual_domain_name.com;
    # ... some configuration here
  }
}

Source

Waly answered 27/9, 2018 at 6:24 Comment(4)
Would this be located in the sites-available / sites-enabled files? - Linis
No matter where; it should be included in the nginx main config. - Waly
To be clear, it was the sites-available file that I added the header to. - Linis
It should not be included in the main config, as it is specific to the site. Also, sites-enabled includes LINKS to sites-available (if configured as recommended), so it does not matter what file you edit (actually, they are the very same files, so any change in one is reflected in the other). If they were not the same files, you would have to edit the file in sites-enabled. - Margret
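The origin check behind the error in the question, and the proxy headers the answer is about, as an added example that is not part of either post. It is a stand-alone Ruby model of how Rails builds request.base_url from the headers a reverse proxy forwards and how protect_from_forgery compares that value with the Origin header; the ProxiedRequest class is hypothetical (not ActionDispatch::Request) so it runs without Rails, and the header precedence follows Rack (X-Forwarded-Proto for the scheme, X-Forwarded-Host then Host for the host). The header sets are constructed to mirror the ELB-terminates-TLS, nginx-on-port-80 setup from the question.

```ruby
# Added example (not from the question or answer): a minimal model of the
# Origin vs request.base_url comparison Rails performs for CSRF protection,
# driven by the headers a reverse proxy forwards. ProxiedRequest is a
# hypothetical stand-in for ActionDispatch::Request.

class ProxiedRequest
  # env keys use Rack's HTTP_* form, e.g. { 'HTTP_HOST' => 'app.example.com' }
  def initialize(env)
    @env = env
  end

  # Scheme as Rack resolves it: trust X-Forwarded-Proto (first value if the
  # header is comma-separated), otherwise fall back to the connection itself.
  def scheme
    forwarded = @env['HTTP_X_FORWARDED_PROTO']
    return forwarded.split(',').first.strip if forwarded && !forwarded.empty?
    @env['HTTPS'] == 'on' ? 'https' : 'http'
  end

  # Host as Rack resolves it: X-Forwarded-Host (last value) wins over Host.
  def host_with_port
    (@env['HTTP_X_FORWARDED_HOST'] || @env['HTTP_HOST']).to_s.split(',').last.strip
  end

  def base_url
    "#{scheme}://#{host_with_port}"
  end

  def origin
    @env['HTTP_ORIGIN']
  end

  # The check that raises "HTTP Origin header didn't match request.base_url":
  # a request passes when it carries no Origin header (some user agents omit
  # it) or when Origin equals base_url exactly (scheme, host and port).
  def valid_request_origin?
    origin.nil? || origin == base_url
  end
end

# Constructed sample headers for a login POST that reached the ELB over HTTPS
# and was forwarded to nginx/Rails over plain HTTP.
ORIGIN_HEADER = 'https://app.example.com'

# Case 1: nginx forwards nothing about the original scheme; Rails sees http.
BARE_ENV = {
  'HTTP_HOST' => 'app.example.com',
  'HTTP_ORIGIN' => ORIGIN_HEADER
}.freeze

# Case 2: nginx passes on the X-Forwarded-Proto set by the ELB; Rails sees https.
FORWARDED_ENV = BARE_ENV.merge('HTTP_X_FORWARDED_PROTO' => 'https').freeze

# Case 3: Host rewritten to an upstream address (constructed value) without an
# X-Forwarded-Host; the host part of base_url no longer matches the Origin.
REWRITTEN_HOST_ENV = FORWARDED_ENV.merge('HTTP_HOST' => '10.0.1.5:3000').freeze

# Returns what Rails would compute and whether the request would be accepted.
def check(env)
  req = ProxiedRequest.new(env)
  { base_url: req.base_url, valid: req.valid_request_origin? }
end

if $PROGRAM_NAME == __FILE__
  { 'no forwarded proto' => BARE_ENV,
    'X-Forwarded-Proto set' => FORWARDED_ENV,
    'Host rewritten' => REWRITTEN_HOST_ENV }.each do |label, env|
    r = check(env)
    puts format('%-22s base_url=%-28s origin=%-24s valid=%s',
                label, r[:base_url], ORIGIN_HEADER, r[:valid])
  end
end
```

Run it with `ruby origin_check.rb` (file name assumed). The three cases show why the fix lives in the proxy configuration: the origin check only passes when nginx hands Rails a Host that matches the public name and a scheme that matches what the browser used. With TLS terminated at the ELB and nginx listening on port 80, `$scheme` inside nginx is `http`, so the proxy block has to forward the scheme the ELB reports, for instance `proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;` next to `proxy_set_header Host $host;` (assumed directives, not from the answer), rather than hard-coding values that drift from the request.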
