Search before asking
Enhancement Request
When the app is behind a SSL-terminating proxy, Shiro will redirect to the default screen, or login screen, via non-SSL URL. This is because servlet "thinks" that the connection is non-SSL.
However, since X-Forwarding-Proto is present, it should redirect to SSL.
This is not a huge deal since the proxy will redirect back to SSL, however, it leads to 2+ additional redirect per login request, which should be avoided as optimization.
Describe the solution you'd like
Override sendRedirect() and append https:// prefix if it's detected that https protocol is used by the proxy
Are you willing to submit PR?
Search before asking
Enhancement Request
When the app is behind a SSL-terminating proxy, Shiro will redirect to the default screen, or login screen, via non-SSL URL. This is because servlet "thinks" that the connection is non-SSL.
However, since
X-Forwarding-Protois present, it should redirect to SSL.This is not a huge deal since the proxy will redirect back to SSL, however, it leads to 2+ additional redirect per login request, which should be avoided as optimization.
Describe the solution you'd like
Override
sendRedirect()and appendhttps://prefix if it's detected that https protocol is used by the proxyAre you willing to submit PR?