HTTP Origin header didn't match request.base_url

Question

I have currently spent a few days trying to solve this issue. As it currently stands whenever I log in to my Rails 5 application on production through Chrome I get this error. I am running rails version 5.1.5, ruby 2.3.1, and nginx/1.10.3. My applications is running on an EC2 instance behind a ELB (elastic load balancer) with a forwarding rule of http on port 80 to https on port 443. I am well aware that this issue is stemming from the fact that my request headers are indicating the origin is different than the destination. I am also aware that this can be rectified by updated my nginx.conf file or disabling Rails' CSRF protections (which wouldn't be a viable solution for me for security concerns, as I understand it). I have attempted to solve this issue by manually setting headers in the application_controller via a before_action, but that did not work. I have also attempted to update my nginx.conf file with the examples I have found on SO and other places, but that simply results in 502 gateway errors. The issue is the syntax of the examples I find are either somehow not compatible or I just making every possible clerical error, I legitimately made additions a line at a time rebooted the server and redeployed and still no luck. Ideally I would like to solve the problem on the rails side if at all possible my attempt at setting the header didn't work:

application_controller.rb

protect_from_forgery with: :exception, prepend: true
before_action :set_https_header

def set_https_header
  response.set_header('X-Frame-Options', 'SAMEORIGIN')
end

If I have to update the ngnix.conf could someone please provide some rhyme or reasoning around the syntax.

production.rb

config.cache_classes = true
  config.eager_load = true
  config.consider_all_requests_local       = false
  config.action_controller.perform_caching = true

  config.read_encrypted_secrets = true
  config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
  config.assets.js_compressor = Uglifier.new(harmony: true)

  config.assets.compile = false
  config/initializers/assets.rb

  # config.force_ssl = true
  config.log_level = :debug
  config.log_tags = [ :request_id ]

  config.action_mailer.perform_caching = false
  config.i18n.fallbacks = true
  config.active_support.deprecation = :notify

nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;
        gzip_disable "msie6";

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

                include /etc/nginx/conf.d/*.conf;
                include /etc/nginx/sites-enabled/*;
        }


        #mail {
        #       # See sample authentication script at:
        #       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
        # 
        #       # auth_http localhost/auth.php;
        #       # pop3_capabilities "TOP" "USER";
        #       # imap_capabilities "IMAP4rev1" "UIDPLUS";
        # 
        #       server {
        #               listen     localhost:110;
        #               protocol   pop3;
        #               proxy      on;
        #       }
        # 
        #       server {
        #               listen     localhost:143;
        #               protocol   imap;
        #               proxy      on;
        #       }
        #}

Answer 1

You need add header to the nginx configuration(there is another file with server configuration, not nginx.conf), here is an example:

server {
  listen 80;
  server_name server.com www.server.com;
  # some configuration here

  location @server {
            # ... some configuration here
            # this set proper header
            proxy_set_header Host www.my_actual_domain_name.com; 
            # ... some configuration here
    }

}

Source