How to configure a Ninja web application running on Heroku to force the use of SSL, that is, redirect all requests to HTTPS?
Asked
Active
Viewed 152 times
2 Answers
1
Here is the class to add in the conf package:
public class Filters implements ApplicationFilters {
@Override
public void addFilters (List<Class<? extends Filter>> list) {
list.add (HttpsFilter.class);
}
public static class HttpsFilter implements Filter {
@Override
public Result filter (FilterChain filterChain, Context context) {
if ("http".equals (context.getHeader ("X-Forwarded-Proto"))) {
return Results.redirect ("https://" + context.getHostname ()
+ context.getRequestPath ());
}
return filterChain.next (context);
}
}
}
Patrick
- 3,578
- 5
- 31
- 53
-1
If you look good in the ninja framework documentation it is indicated how to configure it to get what you want
http://www.ninjaframework.org/documentation/configuration_and_modes.html
Gianfrancesco Aurecchia
- 750
- 5
- 23
-
This does not tell me how to redirect http requests to https. – Patrick Jun 03 '17 at 21:31
-
OK I guess I understand, do you want that when a user connects to port 80 you want to redirect him to the 443? – Gianfrancesco Aurecchia Jun 03 '17 at 21:34
-
Yes you have guessed. – Patrick Jun 03 '17 at 21:36
-
OK I think you should set it on your web server, is the most convenient and safe solution, whot is the name of your web server? (es: apache, tomcat, ecc..) – Gianfrancesco Aurecchia Jun 03 '17 at 21:39
-
The Ninja app is hosted on Heroku. – Patrick Jun 03 '17 at 21:41
-
Ok keroku uses its web server, in which case you can not edit the configuration files but i found keroku ti to generate the ssl certificate.But I noticed that it allows you to manage web server web confs, after generating and inserting them through their systems you just have to make sure the web contains: "IdentitiesOnly yes", LINK:https://devcenter.heroku.com/articles/keys – Gianfrancesco Aurecchia Jun 03 '17 at 21:49
-
Sorry but this doesn't help, I don't have problems with SSH keys. – Patrick Jun 03 '17 at 21:53
-
You have to insert this line into in the heroku configuration -> IdentitiesOnly yes – Gianfrancesco Aurecchia Jun 03 '17 at 21:57