Hilla auth logout() and HSTS domains

Hi! I’m attempting to deploy a hilla based site with the authentication added from one of the tutorials. When working locally/dev, it works great and console throws no exceptions. Except when deployed to production via docker (behind haproxy, not sure if it matters. mentioning here just incase) I get a console error while pressing the signout button. Logout does seem to “happen” as when I refresh the page I am redirected to the login page, but it doesn’t happen automatically after pressing sign out. The code for the signout button is basically 1:1 from the demo, with some extra logging to try and get the issue: <Button onClick={ async () => {try {await logout();} catch (e: any) {console.log(e);}} }>Sign out</Button>. Let me know what other info I can send over to help! Thanks!

Using hilla 2.3.4 and React

Sounds like your proxy did not forward that it runs your app with https - I have no experience with haproxy but Apache httpd for example uses special headers to inform the spring boot about their real origin with the ProxyPass directive.

Is there a setting somewhere to enable HTTPS on the instance of hilla?

When I connect to the container direct, it’s http not https

and prepending the private IP:port with https:// throws a err ssl protocol error in chrome

You have to research your proxy and spring boot. Hilla doesn’t care about it and just uses what the container says

Hmm, even if the “url” being used is nothing I control and is just in the hilla react auth package?

I’m not really familiar with the react package, but I would highly expect that all urls are relative paths, therefore it’s protocol agnostic

Yeah, they are so far. The logout doesn’t give an option though

Maybe I’m missing something though

It might be a cascading failure due to the https thing though, I’ll keep looking


After digging into it a bit more, think I need to enable https on the spring side or take the forwarded scheme. Does anyone know where the above code sample would get the url for the redirect from?

Fixed with a couple settings: