AJAX calls over HTTP
I currently proxy my Tracks install though Apache over SSL. This allows me to expose Tracks over the internet securely.
When Tracks does AJAX look ups, it does so over HTTP instead of HTTPS.
I have included a truncated Wireshark capture showing the URLs that Tracks tries to reach.
When Tracks does AJAX look ups, it does so over HTTP instead of HTTPS.
I have included a truncated Wireshark capture showing the URLs that Tracks tries to reach.
Leave a comment
file:bCGheaskGr4Q1GacwqjQYw
Truncated Wireshark Capture
Truncated Wireshark Capture
on 2012-12-18 13:01 *
By
@Dan, I am running in production, but don't have that option. I am using Tracks 2.1.1 on Centos 6 (Rails 2.3.14).
@lrbalt, I don't see anything specific to SSL except some config options related to LDAP.
I did secure_cookies options and toggled that the true based on previous feedback. This hasn't had any effect.
@lrbalt, I don't see anything specific to SSL except some config options related to LDAP.
I did secure_cookies options and toggled that the true based on previous feedback. This hasn't had any effect.
Do you have firebug installed? could you see if the ajax call is using https?
Are you using a reverse-proxy with apache or are you using passenger? The latter makes this much simpler!
In case of the first, IIRC, for ssl to be passed to a tracks server behind a proxy, you need to add
to apache conf.
Are you using a reverse-proxy with apache or are you using passenger? The latter makes this much simpler!
In case of the first, IIRC, for ssl to be passed to a tracks server behind a proxy, you need to add
RequestHeader set X-Forwarded-Proto "https"
to apache conf.
I never ended up figuring it out and just set up a VPN for secure access. I am no longer proxying Tracks through Apache over SSL.
Please close the ticket.
Please close the ticket.