Why does ActionDispatch::Request.original_url return the wrong scheme?

Question

I have a Ruby on Rails app that has the following within a template...

<form action="<%= request.original_url %>" method="post">

When I request the page over https I end up with a form action that has the exact same url as the original request, but instead of https:// it's being generated as http://, resulting in mixed content errors.

What am I missing? Under what circumstances would request.original_url return the wrong scheme?

I'm running Ruby on Rails using Unicorn and nginx.

Answer 1

It looks like this might be the solution to the problem:

http://blog.seancarpenter.net/2013/09/02/rails-ssl-route-generation-with-nginx-and-unicorn/

Because the site is running within nginx, nginx is terminating SSL, and Rails has no idea that this is the case.

To pass this info on to Rails, the nginx config needs to be set so that it adds the X-Forwarded-Proto https header as it forwards the request on to the appserver.

The example config from the above article shows...

location @app { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; # New header for SSL proxy_set_header Host $http_host; proxy_redirect off; proxy_pass http://unicorn_something_server; }