Hilla auth logout() and HSTS domains

perfect-panda · December 28, 2023, 6:26pm

Hi! I’m attempting to deploy a hilla based site with the authentication added from one of the tutorials. When working locally/dev, it works great and console throws no exceptions. Except when deployed to production via docker (behind haproxy, not sure if it matters. mentioning here just incase) I get a console error while pressing the signout button. Logout does seem to “happen” as when I refresh the page I am redirected to the login page, but it doesn’t happen automatically after pressing sign out. The code for the signout button is basically 1:1 from the demo, with some extra logging to try and get the issue: <Button onClick={ async () => {try {await logout();} catch (e: any) {console.log(e);}} }>Sign out</Button>. Let me know what other info I can send over to help! Thanks!

perfect-panda · December 28, 2023, 6:28pm

Using hilla 2.3.4 and React

quirky-zebra · December 28, 2023, 7:10pm

Sounds like your proxy did not forward that it runs your app with https - I have no experience with haproxy but Apache httpd for example uses special headers to inform the spring boot about their real origin with the ProxyPass directive.

perfect-panda · December 28, 2023, 7:23pm

Is there a setting somewhere to enable HTTPS on the instance of hilla?

perfect-panda · December 28, 2023, 7:23pm

When I connect to the container direct, it’s http not https

perfect-panda · December 28, 2023, 7:25pm

and prepending the private IP:port with https:// throws a err ssl protocol error in chrome

quirky-zebra · December 28, 2023, 7:39pm

You have to research your proxy and spring boot. Hilla doesn’t care about it and just uses what the container says

perfect-panda · December 28, 2023, 7:39pm

Hmm, even if the “url” being used is nothing I control and is just in the hilla react auth package?

quirky-zebra · December 28, 2023, 7:48pm

I’m not really familiar with the react package, but I would highly expect that all urls are relative paths, therefore it’s protocol agnostic

perfect-panda · December 28, 2023, 7:49pm

Yeah, they are so far. The logout doesn’t give an option though

perfect-panda · December 28, 2023, 7:49pm

Maybe I’m missing something though

perfect-panda · December 28, 2023, 7:50pm

It might be a cascading failure due to the https thing though, I’ll keep looking

perfect-panda · December 28, 2023, 7:50pm

Thanks!

perfect-panda · December 28, 2023, 10:17pm

After digging into it a bit more, think I need to enable https on the spring side or take the forwarded scheme. Does anyone know where the above code sample would get the url for the redirect from?

perfect-panda · December 28, 2023, 10:30pm

Fixed with a couple settings:

server.tomcat.remoteip.remote-ip-header=x-forwarded-for
server.tomcat.remoteip.protocol-header=x-forwarded-proto
server.tomcat.remoteip.protocol-header-https-value=https
server.forward-headers-strategy=native```