You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Apr 5, 2022. It is now read-only.
I think there is a bug in the creation of the redirect_uri. It will always redirect to http if you are not behind a reverseproxy. In my opinion it would be correct to take the scheme and port from httpServerletRequest if it is not provided in the x-forward* headers. String scheme = StringUtils.isEmpty(schemeHeader) ? request.getScheme(): schemeHeader; String port = StringUtils.isEmpty(portHeader) ? Integer.toString(request.getServerPort()) : portHeader;
This will prevent to use always http in the redirect uri
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Summary
When I click on the following link from the spring mvc web application
https://www.website.com/auth/facebook
It redirects to this link
https://www.facebook.com/v2.5/dialog/oauth?client_id=1234567890&response_type=code&redirect_uri=http%3A%2F%2Fwww.website.com%2Fauth%2Ffacebook&scope=email&state=62b42bqd-f8y8-44a3-dbcs-a13ce12bfcce
In this, redirect_uri takes http instead https. How to forced https to redirect_uri?
Actual Behavior
redirect_uri takes http instead https
Expected Behavior
redirect_uri should take https instead http
Configuration
Spring MVC
Spring Security
Spring Social
Hibernate
Jetty
Version
spring social - 1.1.6.RELEASE
spring social facebook - 2.0.3.RELEASE
The text was updated successfully, but these errors were encountered: