1

Everything works fine If I use https://mysite.in but the Authorization header is not passed to HTTPS along with the redirect in the case of http://mysite.in.

What is the reason behind it? What am I missing?

Following is the code in apache2.conf.

<IfModule mod_ssl.c>
    <VirtualHost _default_:80>
           ServerName mysite.in
           ServerAlias mysite.in
           Redirect / https://mysite.in/

    </VirtualHost>


    <VirtualHost _default_:443>
            ServerName mysite.in
            ServerAdmin email@gmail.com

-----------------Some more configs like SSLEngine ON, ProxyPass, ProxyPassReverse
     ----------------
     </VirtualHost>

</IfModule mod_ssl.c>
Olaf Kock
  • 46,930
  • 8
  • 59
  • 90
codepeaker
  • 420
  • 8
  • 15
  • 1
    hi, perhaps this might be of interest https://stackoverflow.com/questions/28564961/authorization-header-is-lost-on-redirect – IronMan Dec 14 '20 at 21:42
  • Hi @IronMan I saw the answer but it involves some code in java instead of changes in the config of apache. I am looking for that missing config with which header can also be passed – codepeaker Dec 14 '20 at 21:48
  • @codepeaker the redirect will come back to the client, and the client will issue a new request, that new request will not contain the `Authorization` header for the reasons pointed out by @IronMan. Not sure there even is a solution for you. – Joakim Erdfelt Dec 15 '20 at 19:26
  • Understood but how could I redirect users who are using http with Auth to https along with Auth – codepeaker Dec 16 '20 at 07:36

0 Answers0