Hans van Dodewaard
03/21/2024, 4:02 PM
java.lang.IllegalArgumentException: You should set secure cookie only via secure transport (HTTPS)
According to https://github.com/ktorio/ktor/issues/311 I have to use the ForwardedHeader plugin.
But this doesn't solve the problem.
I've added some logging:
// Log the request origin and every incoming header
intercept(ApplicationCallPipeline.Monitoring) {
    logger.info("Before ForwardedHeaders: Remote host is ${call.request.origin.remoteHost}")
    logger.info("Before ForwardedHeaders: Scheme is ${call.request.origin.scheme}")
    call.request.headers.entries().forEach {
        logger.info("Header: ${it.key} = ${it.value}")
    }
}
// Log the request origin again
intercept(ApplicationCallPipeline.Monitoring) {
    logger.info("After ForwardedHeaders: Remote host is ${call.request.origin.remoteHost}")
    logger.info("After ForwardedHeaders: Scheme is ${call.request.origin.scheme}")
}
This is the output:
INFO | Application | Before ForwardedHeaders: Remote host is 10-244-3-72.nginx-ingress-ingress-nginx-controller-admission.ingress-nginx.svc.cluster.local
INFO | Application | Before ForwardedHeaders: Scheme is http
INFO | Application | Header: Host = [app.mydomain.com]
INFO | Application | Header: X-Request-ID = [xxx]
INFO | Application | Header: X-Real-IP = [<my ip adres>]
INFO | Application | Header: X-Forwarded-For = [<my ip adres>, <my ip adres>]
INFO | Application | Header: X-Forwarded-Host = [app.mydomain.com, app.mydomain.com]
INFO | Application | Header: X-Forwarded-Port = [443, 443]
INFO | Application | Header: X-Forwarded-Proto = [https, https]
INFO | Application | Header: X-Forwarded-Scheme = [https]
INFO | Application | Header: X-Scheme = [https]
INFO | Application | Header: upgrade-insecure-requests = [1]
INFO | Application | Header: dnt = [1]
INFO | Application | Header: user-agent = [Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36]
INFO | Application | Header: accept = [text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7]
INFO | Application | Header: sec-fetch-site = [cross-site]
INFO | Application | Header: sec-fetch-mode = [navigate]
INFO | Application | Header: sec-fetch-dest = [document]
INFO | Application | Header: sec-ch-ua = ["Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"]
INFO | Application | Header: sec-ch-ua-mobile = [?0]
INFO | Application | Header: sec-ch-ua-platform = ["macOS"]
INFO | Application | Header: referer = [<https://login.my-authentication-domain.com/>]
INFO | Application | Header: accept-encoding = [gzip, deflate, br, zstd]
INFO | Application | Header: accept-language = [nl,en;q=0.9,en-US;q=0.8]
INFO | Application | After ForwardedHeaders: Remote host is 10-244-3-72.nginx-ingress-ingress-nginx-controller-admission.ingress-nginx.svc.cluster.local
INFO | Application | After ForwardedHeaders: Scheme is http
2024-03-21 | 15:48:18.994 | [eventLoopGroupProxy-4-1] | INFO | Application | Header: sec-fetch-dest = [document]
2024-03-21 | 15:48:18.994 | [eventLoopGroupProxy-4-1] | INFO | Application | Header: sec-ch-ua = ["Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"]
2024-03-21 | 15:48:18.994 | [eventLoopGroupProxy-4-1] | INFO | Application | Header: sec-ch-ua-mobile = [?0]
2024-03-21 | 15:48:18.994 | [eventLoopGroupProxy-4-1] | INFO | Application | Header: sec-ch-ua-platform = ["macOS"]
2024-03-21 | 15:48:18.994 | [eventLoopGroupProxy-4-1] | INFO | Application | Header: referer = [<https://login-test.sensus-processmanagement.com/>]
2024-03-21 | 15:48:18.994 | [eventLoopGroupProxy-4-1] | INFO | Application | Header: accept-encoding = [gzip, deflate, br, zstd]
2024-03-21 | 15:48:18.994 | [eventLoopGroupProxy-4-1] | INFO | Application | Header: accept-language = [nl,en;q=0.9,en-US;q=0.8]
2024-03-21 | 15:48:18.994 | [eventLoopGroupProxy-4-1] | INFO | Application | After ForwardedHeaders: Remote host is 10-244-3-72.nginx-ingress-ingress-nginx-controller-admission.ingress-nginx.svc.cluster.local
2024-03-21 | 15:48:18.994 | [eventLoopGroupProxy-4-1] | INFO | Application | After ForwardedHeaders: Scheme is http
What am I doing wrong?
Bruce Hamilton
03/21/2024, 4:57 PM
Hans van Dodewaard
03/22/2024, 9:17 AM