The apache SSL proxy will handle rewriting that location header. As will F5 setups that I've used.
I haven't used heroku's SSL but I would expect it to do something similar. On Sep 17, 2013 6:09 PM, "AndyW" <[email protected]> wrote: > I believe the problem to be caused by the way application https is handled > by > Heroku: the https endpoint is in the Heroku stack, but the communication > between the endpoint and applications running in Heroku uses vanilla http. > > This means that when Shiro assembles the Location header in order to > redirect the browser to the login page (and, after login, to the requested > page), it uses the http scheme of the request reaching the application, > instead of the https scheme as requested by the user (see > ShiroHttpServletResponse.toAbsolute(String location)). > > So, when I request https://myexample.com, the response that Shiro sends > back > has a Location header of http://myexample.com/login.jsp. > > Is this a case that Shiro is able to handle? If so, I'd really appreciate a > pointer. > > Thanks, > Andy > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/SSL-Login-https-redirects-to-http-tp7579103p7579149.html > Sent from the Shiro User mailing list archive at Nabble.com. >
