tag:support.appharbor.com,2010-11-23:/discussions/problems/61429-https-forward-urgentAppHarbor: Discussion 2018-10-19T03:07:10Ztag:support.appharbor.com,2010-11-23:Comment/339430642014-07-29T10:07:25Z2014-07-29T10:07:25Zhttps forward -> urgent<div><p>Hi Matt,</p>
<p>How have you implemented the HTTPS forward? AppHarbor terminates
SSL at the load balancer level, so you'll need to inspect the
<code>X-Forwarded-Proto</code> header - you can find an <a href=
"https://gist.github.com/runesoerensen/915869">implementation of
the <code>RequireHttpsAttribute</code> right here</a> which does
exactly that.</p>
<p>If you use a different implementation and need to make public
URLs that do not contain a port number you could use <a href=
"https://gist.github.com/runesoerensen/803358">this
implementation</a>. However I don't think that's the issue here,
and if you're using MVC you can simple use the attribute mentioned
above instead of the built-in <code>RequireHttpsAttribute</code>
implementation.</p>
<p>Best,<br>
Rune</p></div>runetag:support.appharbor.com,2010-11-23:Comment/339430642014-07-29T10:15:10Z2014-07-29T10:15:10Zhttps forward -> urgent<div><p>hmm... i don't get you... it is a webapi that is secured by
https... as it uses tokens... the api should be public yes... so I
don't get what to do with this 2 implementations?!</p></div>Mattbtag:support.appharbor.com,2010-11-23:Comment/339430642014-07-29T10:52:23Z2014-07-29T10:52:23Zhttps forward -> urgent<div><p>The error message returned by your application seem a bit
unusual - do you have logic somewhere in the application that
checks for HTTPS and do not take the <code>X-Forwarded-Proto</code>
header into account? If so you can likely just remove that logic,
and simply use the attribute I mentioned above - or otherwise make
sure it also supports the protocol header like the attribute
does.</p>
<p>Otherwise I'll be happy to take a look at your code and see if I
can isolate the issue further.</p>
<p>Best,<br>
Rune</p></div>runetag:support.appharbor.com,2010-11-23:Comment/339430642014-07-29T10:56:16Z2014-07-29T10:56:16Zhttps forward -> urgent<div><p>So i added this attribute class and<br>
[EnableCors("*", "*", "*")] [RequireHttps] public class
EventController : ApiController</p>
<p>right?</p></div>Mattbtag:support.appharbor.com,2010-11-23:Comment/339430642014-07-29T11:22:46Z2014-07-29T11:22:46Zhttps forward -> urgent<div><p>Yep that should work. It it still doesn't there are two possible
reasons:</p>
<ul>
<li>Some other code in your application handles HTTPS and doesn't
consider the <code>X-Forwarded-Proto</code> header.</li>
<li>The attribute is not actually referencing the implementation I
linked to, but instead uses the MVC attribute.</li>
</ul>
<p>The latter is relatively unlikely as the error message you see
is not usually produced by the built-in HTTPS class. So if I were
you I'd look for other places in your code that produces the error
message you're seeing. Otherwise let me know if I can take a look
at your code, and I'll be happy to check if anything sticks
out.</p>
<p>Best,<br>
Rune</p></div>runetag:support.appharbor.com,2010-11-23:Comment/339430642014-07-29T13:11:47Z2014-07-29T14:40:21Zhttps forward -> urgent<div><p>Thanks, it worked... but how to access the X509Store what are
the correct parameters?<br>
Store location etc...</p></div>Mattb