Monday, August 12, 2019

http - Nginx + Passenger running a RoR app is returning 401 when 302 is expected



I've got a RoR app running on Passenger on top of Nginx. I'm using devise for my authentication method and have a link that gets sent in an email to users that requires authentication to view.



If a user clicks the link from Outlook, and IE is the default browser, IE makes an HTTP request using the following headers:



GET http://www.company.com/custom_layouts/108 HTTP/1.1
Accept: */*
Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: www.company.com


Returning:




HTTP/1.1 401 Unauthorized

Content-Type: /; charset=utf-8
Transfer-Encoding: chunked Connection:
keep-alive Status: 401 X-Powered-By:
Phusion Passenger (mod_rails/mod_rack)
2.2.15 WWW-Authenticate: Basic realm="Application" Cache-Control:
no-cache X-UA-Compatible:
IE=Edge,chrome=1 Set-Cookie:
_vxwer_session=[sessionstr];
path=/; HttpOnly X-Runtime: 0.011918
Server: nginx/0.7.67 + Phusion

Passenger 2.2.15 (mod_rails/mod_rack)



31 You need to sign in or sign up
before continuing. 0




When the exact same URL is typed into the address bar, it does this:



GET http://www.company.com/custom_layouts/108 HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*

Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: www.company.com


Returning:



HTTP/1.1 302 Found

Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Status: 302
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.15
Location: http://www.company.com/users/sign_in
Cache-Control: no-cache
X-UA-Compatible: IE=Edge,chrome=1
Set-Cookie: _xswer_session=[session_info_here]; path=/; HttpOnly
X-Runtime: 0.010798

Server: nginx/0.7.67 + Phusion Passenger 2.2.15 (mod_rails/mod_rack)

6f
You are being redirected.
0


I expect them to return the same thing regardless.


Answer



Take a look at the following source code in devise which has to do with navigational_formats.




I had the same problem as you describe and setting 



config.navigational_formats = [:"*/*", :html]


in the devise initializer fixed it for me. I have no ideas yet why IE requests coming from Outlook are passed on as /.


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...