I'm using Rails 6 with Devise for authentication, and testing my app on Google Chrome. I can log in successfully. However, when the user tries to log out by clicking on the Log Out button, it doesn't log out and only redirects to the home page.

I have the application containerised using Docker and Docker Compose and I'm using PostgreSQL for the database, ElasticSearch for search and NGINX for the web server.

This appears to be a caching or cookie issue. When I delete the _myapp_session cookie in Google Chrome Developer Tools in the Storage section under the Application tab, then refresh, the issue is fixed and the user is logged out.

UPDATE: The issue was being caused by:

HTTP Origin header (https://myapp.com) didn't match request.base_url (http://myapp.com)

Here are the logs from the NGINX server console (frontend_1) when visiting the website, logging in and then making the log out request.

frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:19:57 +0000] "GET / HTTP/1.1" 200 6087 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:19:58 +0000] "GET /assets/application-29dded2730529466cbe16f8bf7dff8cd81c27f5c29357a0ee19ce611c7fae223.css HTTP/1.1" 200 24974 "https://myapp.ie/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:19:58 +0000] "GET /packs/js/application-e72ce6426a0e2e571ed2.js HTTP/1.1" 200 18152 "https://myapp.ie/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:19:58 +0000] "GET /packs/js/counter-a7c63b11c8fcb5e204df.js HTTP/1.1" 200 642 "https://myapp.ie/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
web_1            | I, [2021-01-30T13:19:58.193455 #1]  INFO -- : Started GET "/assets/glassfacade.jpg" for 37.228.235.151 at 2021-01-30 13:19:58 +0000
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:19:58 +0000] "GET /assets/glassfacade.jpg HTTP/1.1" 304 0 "https://myapp.ie/assets/application-29dded2730529466cbe16f8bf7dff8cd81c27f5c29357a0ee19ce611c7fae223.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:19:58 +0000] "GET /service-worker.js HTTP/1.1" 304 0 "https://myapp.ie/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
web_1            | I, [2021-01-30T13:20:07.240769 #1]  INFO -- : Started GET "/users/sign_in" for 37.228.235.151 at 2021-01-30 13:20:07 +0000
web_1            | I, [2021-01-30T13:20:07.242349 #1]  INFO -- : Processing by Devise::SessionsController#new as HTML
web_1            | I, [2021-01-30T13:20:07.270212 #1]  INFO -- :   Rendering devise/sessions/new.html.erb within layouts/application
web_1            | I, [2021-01-30T13:20:07.277828 #1]  INFO -- :   Rendered devise/shared/_links.html.erb (Duration: 1.8ms | Allocations: 674)
web_1            | I, [2021-01-30T13:20:07.278818 #1]  INFO -- :   Rendered devise/sessions/new.html.erb within layouts/application (Duration: 7.8ms | Allocations: 1788)
web_1            | I, [2021-01-30T13:20:07.280610 #1]  INFO -- :   Rendered layouts/nav/_public.html.erb (Duration: 0.5ms | Allocations: 245)
web_1            | I, [2021-01-30T13:20:07.281343 #1]  INFO -- :   Rendered layouts/_footer.html.erb (Duration: 0.0ms | Allocations: 5)
web_1            | I, [2021-01-30T13:20:07.282268 #1]  INFO -- : Completed 200 OK in 39ms (Views: 14.5ms | ActiveRecord: 7.6ms | Allocations: 15604)
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:07 +0000] "GET /users/sign_in HTTP/1.1" 200 5629 "https://myapp.ie/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
web_1            | I, [2021-01-30T13:20:09.081121 #1]  INFO -- : Started POST "/users/sign_in" for 37.228.235.151 at 2021-01-30 13:20:09 +0000
web_1            | I, [2021-01-30T13:20:09.082596 #1]  INFO -- : Processing by Devise::SessionsController#create as HTML
web_1            | I, [2021-01-30T13:20:09.083112 #1]  INFO -- :   Parameters: {"authenticity_token"=>"/ANjiDtsz6E4C8/jmmZ+i1hGi7fxQ2W3I/mxKKCKwapYEeJiK5QSRplAbyTWO541xDZc9Er9MB0Whbyz97SB0w==", "user"=>{"email"=>"myapp@gmail.com", "password"=>"[FILTERED]"}}
web_1            | D, [2021-01-30T13:20:09.091385 #1] DEBUG -- :   User Load (1.7ms)  SELECT "users".* FROM "users" WHERE "users"."email" = $1 ORDER BY "users"."id" ASC LIMIT $2  [["email", "myapp@gmail.com"], ["LIMIT", 1]]
web_1            | D, [2021-01-30T13:20:09.337144 #1] DEBUG -- :    (0.3ms)  BEGIN
web_1            | D, [2021-01-30T13:20:09.339573 #1] DEBUG -- :   User Update (1.5ms)  UPDATE "users" SET "current_sign_in_at" = $1, "last_sign_in_at" = $2, "sign_in_count" = $3, "updated_at" = $4 WHERE "users"."id" = $5  [["current_sign_in_at", "2021-01-30 13:20:09.334709"], ["last_sign_in_at", "2021-01-30 12:40:17.072091"], ["sign_in_count", 72], ["updated_at", "2021-01-30 13:20:09.336027"], ["id", 3]]
web_1            | D, [2021-01-30T13:20:09.341133 #1] DEBUG -- :    (0.6ms)  COMMIT
web_1            | I, [2021-01-30T13:20:09.344229 #1]  INFO -- : Redirected to http://myapp.ie/
web_1            | I, [2021-01-30T13:20:09.344743 #1]  INFO -- : Completed 302 Found in 261ms (ActiveRecord: 4.3ms | Allocations: 5188)
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:09 +0000] "POST /users/sign_in HTTP/1.1" 302 97 "https://myapp.ie/users/sign_in" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:09 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
web_1            | I, [2021-01-30T13:20:09.451080 #1]  INFO -- : Started GET "/" for 37.228.235.151 at 2021-01-30 13:20:09 +0000
web_1            | I, [2021-01-30T13:20:09.452431 #1]  INFO -- : Processing by PublicController#main as HTML
web_1            | I, [2021-01-30T13:20:09.454279 #1]  INFO -- :   Rendering public/main.html.erb within layouts/application
web_1            | I, [2021-01-30T13:20:09.455073 #1]  INFO -- :   Rendered properties/_search.html.erb (Duration: 0.3ms | Allocations: 126)
web_1            | I, [2021-01-30T13:20:09.455572 #1]  INFO -- :   Rendered properties/_location_search.html.erb (Duration: 0.0ms | Allocations: 5)
web_1            | D, [2021-01-30T13:20:09.467424 #1] DEBUG -- :    (11.1ms)  SELECT COUNT(*) FROM "properties"
web_1            | D, [2021-01-30T13:20:09.493249 #1] DEBUG -- :    (24.3ms)  SELECT COUNT(*) FROM "units"
web_1            | D, [2021-01-30T13:20:09.502977 #1] DEBUG -- :    (8.0ms)  SELECT COUNT(*) FROM "leases"
web_1            | D, [2021-01-30T13:20:09.545248 #1] DEBUG -- :    (40.5ms)  SELECT SUM("units"."area") FROM "units"
web_1            | I, [2021-01-30T13:20:09.546565 #1]  INFO -- :   Rendered public/main.html.erb within layouts/application (Duration: 91.9ms | Allocations: 1925)
web_1            | D, [2021-01-30T13:20:09.548941 #1] DEBUG -- :   User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2  [["id", 3], ["LIMIT", 1]]
web_1            | I, [2021-01-30T13:20:09.550025 #1]  INFO -- :   Rendered layouts/nav/_public.html.erb (Duration: 2.3ms | Allocations: 480)
web_1            | I, [2021-01-30T13:20:09.550538 #1]  INFO -- :   Rendered layouts/_footer.html.erb (Duration: 0.0ms | Allocations: 5)
web_1            | I, [2021-01-30T13:20:09.551270 #1]  INFO -- : Completed 200 OK in 98ms (Views: 12.8ms | ActiveRecord: 84.3ms | Allocations: 3343)
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:09 +0000] "GET / HTTP/1.1" 200 6293 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
web_1            | I, [2021-01-30T13:20:09.691278 #1]  INFO -- : Started GET "/assets/glassfacade.jpg" for 37.228.235.151 at 2021-01-30 13:20:09 +0000
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:09 +0000] "GET /assets/glassfacade.jpg HTTP/1.1" 304 0 "https://myapp.ie/assets/application-29dded2730529466cbe16f8bf7dff8cd81c27f5c29357a0ee19ce611c7fae223.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:11 +0000] "GET /service-worker.js HTTP/1.1" 304 0 "https://myapp.ie/service-worker.js" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
web_1            | I, [2021-01-30T13:20:12.198820 #1]  INFO -- : Started GET "/about" for 37.228.235.151 at 2021-01-30 13:20:12 +0000
web_1            | I, [2021-01-30T13:20:12.200636 #1]  INFO -- : Processing by PublicController#about as HTML
web_1            | I, [2021-01-30T13:20:12.202063 #1]  INFO -- :   Rendering public/about.html.erb within layouts/application
web_1            | I, [2021-01-30T13:20:12.203238 #1]  INFO -- :   Rendered public/about.html.erb within layouts/application (Duration: 0.7ms | Allocations: 81)
web_1            | D, [2021-01-30T13:20:12.205584 #1] DEBUG -- :   User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2  [["id", 3], ["LIMIT", 1]]
web_1            | I, [2021-01-30T13:20:12.206563 #1]  INFO -- :   Rendered layouts/nav/_public.html.erb (Duration: 2.4ms | Allocations: 489)
web_1            | I, [2021-01-30T13:20:12.207090 #1]  INFO -- :   Rendered layouts/_footer.html.erb (Duration: 0.0ms | Allocations: 5)
web_1            | I, [2021-01-30T13:20:12.207775 #1]  INFO -- : Completed 200 OK in 7ms (Views: 5.5ms | ActiveRecord: 0.3ms | Allocations: 1520)
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:12 +0000] "GET /about HTTP/1.1" 200 5118 "https://myapp.ie/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
web_1            | I, [2021-01-30T13:20:13.659115 #1]  INFO -- : Started DELETE "/users/sign_out" for 37.228.235.151 at 2021-01-30 13:20:13 +0000
web_1            | I, [2021-01-30T13:20:13.660569 #1]  INFO -- : Processing by Devise::SessionsController#destroy as HTML
web_1            | I, [2021-01-30T13:20:13.661108 #1]  INFO -- :   Parameters: {"authenticity_token"=>"i/QcCh+oNqxaSVc8zFsi/AquQe4gZrde5Q27jQPofDqf24T3SiQtVDfuQn5064O0CpKIjcYSadJLcnxbxjMsMA=="}
web_1            | D, [2021-01-30T13:20:13.663275 #1] DEBUG -- :   User Load (0.4ms)  SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2  [["id", 3], ["LIMIT", 1]]
web_1            | W, [2021-01-30T13:20:13.664093 #1]  WARN -- : HTTP Origin header (https://myapp.ie) didn't match request.base_url (http://myapp.ie)
web_1            | I, [2021-01-30T13:20:13.668687 #1]  INFO -- : Redirected to http://myapp.ie/
web_1            | I, [2021-01-30T13:20:13.669386 #1]  INFO -- : Completed 302 Found in 8ms (ActiveRecord: 0.4ms | Allocations: 1567)
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:13 +0000] "POST /users/sign_out HTTP/1.1" 302 97 "https://myapp.ie/about" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:13 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
web_1            | I, [2021-01-30T13:20:13.743342 #1]  INFO -- : Started GET "/" for 37.228.235.151 at 2021-01-30 13:20:13 +0000
web_1            | I, [2021-01-30T13:20:13.744745 #1]  INFO -- : Processing by PublicController#main as HTML
web_1            | I, [2021-01-30T13:20:13.746818 #1]  INFO -- :   Rendering public/main.html.erb within layouts/application
web_1            | I, [2021-01-30T13:20:13.747823 #1]  INFO -- :   Rendered properties/_search.html.erb (Duration: 0.3ms | Allocations: 122)
web_1            | I, [2021-01-30T13:20:13.748429 #1]  INFO -- :   Rendered properties/_location_search.html.erb (Duration: 0.0ms | Allocations: 5)
web_1            | D, [2021-01-30T13:20:13.761225 #1] DEBUG -- :    (12.0ms)  SELECT COUNT(*) FROM "properties"
web_1            | D, [2021-01-30T13:20:13.788611 #1] DEBUG -- :    (25.5ms)  SELECT COUNT(*) FROM "units"
web_1            | D, [2021-01-30T13:20:13.798794 #1] DEBUG -- :    (8.5ms)  SELECT COUNT(*) FROM "leases"
web_1            | D, [2021-01-30T13:20:13.857923 #1] DEBUG -- :    (57.4ms)  SELECT SUM("units"."area") FROM "units"
web_1            | I, [2021-01-30T13:20:13.859815 #1]  INFO -- :   Rendered public/main.html.erb within layouts/application (Duration: 112.4ms | Allocations: 1912)
web_1            | D, [2021-01-30T13:20:13.862652 #1] DEBUG -- :   User Load (0.5ms)  SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2  [["id", 3], ["LIMIT", 1]]
web_1            | I, [2021-01-30T13:20:13.864165 #1]  INFO -- :   Rendered layouts/nav/_public.html.erb (Duration: 2.9ms | Allocations: 456)
web_1            | I, [2021-01-30T13:20:13.864897 #1]  INFO -- :   Rendered layouts/_footer.html.erb (Duration: 0.0ms | Allocations: 5)
web_1            | I, [2021-01-30T13:20:13.865864 #1]  INFO -- : Completed 200 OK in 120ms (Views: 15.4ms | ActiveRecord: 103.8ms | Allocations: 3267)
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:13 +0000] "GET / HTTP/1.1" 200 6214 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
web_1            | I, [2021-01-30T13:20:15.624864 #1]  INFO -- : Started GET "/about" for 37.228.235.151 at 2021-01-30 13:20:15 +0000
web_1            | I, [2021-01-30T13:20:15.626281 #1]  INFO -- : Processing by PublicController#about as HTML
web_1            | I, [2021-01-30T13:20:15.627529 #1]  INFO -- :   Rendering public/about.html.erb within layouts/application
web_1            | I, [2021-01-30T13:20:15.627986 #1]  INFO -- :   Rendered public/about.html.erb within layouts/application (Duration: 0.0ms | Allocations: 5)
web_1            | D, [2021-01-30T13:20:15.630172 #1] DEBUG -- :   User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2  [["id", 3], ["LIMIT", 1]]
web_1            | I, [2021-01-30T13:20:15.631174 #1]  INFO -- :   Rendered layouts/nav/_public.html.erb (Duration: 2.3ms | Allocations: 488)
web_1            | I, [2021-01-30T13:20:15.631643 #1]  INFO -- :   Rendered layouts/_footer.html.erb (Duration: 0.0ms | Allocations: 5)
web_1            | I, [2021-01-30T13:20:15.632284 #1]  INFO -- : Completed 200 OK in 5ms (Views: 4.6ms | ActiveRecord: 0.3ms | Allocations: 1333)
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:15 +0000] "GET /about HTTP/1.1" 200 5118 "https://myapp.ie/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:15 +0000] "GET /service-worker.js HTTP/1.1" 304 0 "https://myapp.ie/service-worker.js" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"

My Devise controllers are all standard (I haven't edited them).

Here's my Application Controller

class ApplicationController < ActionController::Base

    # To clear cache to allow logging out.
    before_action :set_cache_headers

    protect_from_forgery prepend: true

    # To enable sign in to function correctly.
    skip_before_action :verify_authenticity_token, :only => :create

    before_action :configure_permitted_parameters, if: :devise_controller?

    def index
        
    end

    def set_cache_headers
        response.headers["Cache-Control"] = "no-cache, no-store"
        response.headers["Pragma"] = "no-cache"
        response.headers["Expires"] = "Mon, 01 Jan 1990 00:00:00 GMT"
    end

    protected

    # Restrict parameters for sign up input.
    def configure_permitted_parameters
        added_attrs = [:first_name, :last_name, :email, :encrypted_password, :password_confirmation, :remember_me]
        devise_parameter_sanitizer.permit(:sign_up, keys: added_attrs)
        devise_parameter_sanitizer.permit(:account_update, keys: added_attrs)
        devise_parameter_sanitizer.permit(:sign_in, keys: added_attrs)
    end

end

Here's my Application.html.erb

<!DOCTYPE html>
<html>
  <head>
    <title>MyApp</title>
    <link rel="manifest" href="manifest.webmanifest">
    <link rel="apple-touch-icon" href="/apple-touch-icon.png">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="theme-color" content="#ff8a00">
    <meta name="msapplication-navbutton--color" content="#ff8a00">
    <meta name="apple-mobile-web-app-capable" content="yes">
    <meta name="apple-mobile-web-app-status-bar-style" content="default">
    <%= csrf_meta_tags %>
    <%= csp_meta_tag %>
    <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track': 'reload' %>
    <%= javascript_pack_tag 'application', 'data-turbolinks-track': 'reload' %>
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
    <link href="https://fonts.googleapis.com/css?family=Text+Me+One&display=swap" rel="stylesheet">
  </head>

  <body id="<%= controller.controller_name %>" class="<%= controller.action_name %> <%= "show-sidebar" if @show_sidebar.present? %>">
    <div class="wrapper">
      <% if @show_sidebar.nil? %>
        <header>
          <%= render "layouts/nav/public" %>
        </header>
        <%= yield %>
      <% else %>
        <%= render "layouts/nav/dashboard" %>

        <div class="container-fluid">
          <div class="row">
            <%= render "layouts/nav/sidebar" %>
            <main role="main" class="col-md-9 ml-sm-auto col-lg-10 px-md-4 mt-4">
              <%= yield %>
            </main>
          </div>
        </div>
      <% end %>
      <div class="push"></div>
    </div>

    <%= render "layouts/footer" %>

    <div id="notifications"><%= notice %></div>

    <!-- PWA Step 1 - Registration -->
    <script type="text/javascript">
    if ('serviceWorker' in navigator) {
      window.addEventListener('load', function() {
        navigator.serviceWorker.register('/service-worker.js').then(function(registration) {
          // Registration was successful
          console.log('ServiceWorker registration successful with scope: ', registration.scope);
        }, function(err) {
          // registration failed :(
          console.log('ServiceWorker registration failed: ', err);
        });
      });
    }
    </script>
    <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/feather-icons/4.9.0/feather.min.js"></script>
    <script>feather.replace()</script>
    <%= javascript_pack_tag "counter" %>
  </body>
</html>

Here's the part of the view that displays the Log In / Log Out link.

<ul class="navbar-nav mr-auto" id="right-nav-menu">
      <li class="nav-item">
      <% if notice %>
        <p class="nav-link"><%= notice %></p>
      <% end %>
      <% if alert %>
        <p class="nav-link"><%= alert %></p>
      <% end %>
      </li>
      <li class="nav-item">
      <% if user_signed_in? %>
        <strong class="nav-link"><p><%= current_user.first_name %> <%= current_user.last_name %></p></strong>
      <% end %>
      </li>
      <% if user_signed_in? %>
        <li class="nav-item">
          <strong><%= link_to 'Edit Profile', edit_user_registration_path, :class => 'nav-link' %></strong>
        </li>
        <li class="nav-item">
          <strong><%= link_to "Log Out", destroy_user_session_path, method: :delete, :class => 'nav-link' %></strong>
        </li>
      <% else %>
        <li class="nav-item">
          <strong><%= link_to "Log In", new_user_session_path, :class => 'nav-link' %></strong>
        </li>
        <li class="nav-item">
          <strong><%= link_to "Sign Up", new_user_registration_path, :class => 'nav-link'  %></strong>
        </li>
      <% end %>
    </ul>

I'm not sure if there's any other code that would be helpful to resolve but if so, please let me know and I will add to the above. Appreciate any help.

John Hanlon
  • You may check this post. Also, can you share where you put the user's name on the view, etc.? https://stackoverflow.com/questions/38158904/how-to-invalidate-all-sessions-after-user-log-out-in-rails – Muhammed Kılıç Jan 17 '21 at 20:16
  • Thanks Muhammed, I've added the part of the view with the Log In / Log Out link. I'll read that answer you have linked to. – John Hanlon Jan 17 '21 at 20:53
  • Show the logs from the rails app when you do that request, maybe it shows something useful – arieljuod Jan 24 '21 at 13:12
  • @arieljuod I've added the NGINX (frontend_1) server logs above. – John Hanlon Jan 24 '21 at 13:56
  • I mean the rails logs, not the nginx logs, look at your rails' `log/production.log` file. – arieljuod Jan 24 '21 at 14:36
  • @arieljuod I've added the response from the NGINX server above with logging enabled - I hope that this additional detail helps (I'm still learning Rails and I can't seem to see these logs recorded in my production.log file but that's another issue for a different Question). – John Hanlon Jan 30 '21 at 13:45
  • You have this message before the redirect `web_1 | W, [2021-01-30T13:20:13.664093 #1] WARN -- : HTTP Origin header (https://myapp.ie) didn't match request.base_url (http://myapp.ie) web_1 | I, [2021-01-30T13:20:13.668687 #1] INFO -- : Redirected to http://myapp.ie/`. Looks like you have some http-https configuration issue there. Do you have the `http` url hardcoded somewhere? How are you handling the http > https redirection? There are some configurations for NGINX and some configurations for the Rails app. – arieljuod Jan 30 '21 at 15:56
  • @arieljuod I think that it's something to do with my `config.hosts << "myapp.ie"` in my production.rb file. I'm trying to figure this out. – John Hanlon Jan 30 '21 at 19:40
  • Try setting `config.force_ssl` to true https://guides.rubyonrails.org/configuring.html – arieljuod Jan 30 '21 at 21:40
  • @arieljuod I've tried `config.force_ssl = true` but this doesn't work. The response is `frontend_1 | 37.228.235.151 - - [31/Jan/2021:17:14:12 +0000] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"`. I think that it's something to do with my NGINX .conf file configuration. – John Hanlon Jan 31 '21 at 17:19
  • Thanks @arieljuod for your help! You pointed me in the right direction and I was able to resolve this issue. I've posted the answer below. – John Hanlon Jan 31 '21 at 18:19

2 Answers

In my humble opinion, there is a better option:

proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;

Found here: https://stackoverflow.com/a/57182441/3505166

iRet

I've finally figured this out and users can now log in and log out. As suggested in the comments, the HTTP Origin header warning was the source of the issue and the solution was to resolve this rather than anything to do with managing cookies or the cache (what I originally thought).

The warning `WARN -- : HTTP Origin header (https://myapp.ie) didn't match request.base_url (http://myapp.ie)` was resolved by including `proxy_set_header origin 'http://myapp.ie';` in the .conf file in order to correctly configure the NGINX server.

The myapp.ie.conf file is below:

upstream docker {
    server web:3000 fail_timeout=0;
}

server {
    listen              443 ssl;
    server_name         myapp.ie;
    ssl_certificate     /etc/letsencrypt/live/myapp.ie/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/myapp.ie/privkey.pem;
    try_files $uri/index.html $uri @docker;
    client_max_body_size 4G;

    location @docker {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header origin 'http://myapp.ie';
        proxy_redirect off;
        proxy_pass http://docker;
    }
}

Source of solution here: https://github.com/heartcombo/devise/issues/4847

John Hanlon
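
How the proxy settings from the two answers above differ, as an added example that is not part of either answer and is not Rails or Rack source: a simplified Ruby model of the origin check behind the logged warning (Origin must equal `request.base_url`, whose scheme follows `X-Forwarded-Ssl` / `X-Forwarded-Proto`). The helper names and the `https://other.example` origin are constructed for illustration.

```ruby
# Simplified model (added example, not Rails/Rack source) of the CSRF origin
# check whose warning appears in the log: Origin must equal request.base_url.

# Scheme as the app sees it behind a proxy: X-Forwarded-Ssl: on wins, then the
# first value of X-Forwarded-Proto, otherwise the plain-HTTP upstream hop.
def effective_scheme(headers)
  return "https" if headers["X-Forwarded-Ssl"] == "on"
  proto = headers["X-Forwarded-Proto"].to_s.split(",").first.to_s.strip
  proto.empty? ? "http" : proto
end

def base_url(headers)
  "#{effective_scheme(headers)}://#{headers.fetch('Host')}"
end

# A missing Origin is accepted, "null" is rejected, anything else must match.
def origin_check_passes?(headers)
  origin = headers["Origin"]
  return true if origin.nil?
  return false if origin == "null"
  origin == base_url(headers)
end

# What the browser sends to NGINX over TLS (constructed sample values).
def browser_request(origin)
  { "Host" => "myapp.ie", "Origin" => origin }
end

# Three proxy behaviours: pass headers through unchanged, overwrite Origin
# (second answer), or forward the original scheme (first answer).
PROXIES = {
  passthrough:     ->(h) { h.dup },
  origin_override: ->(h) { h.merge("Origin" => "http://myapp.ie") },
  forwarded_proto: ->(h) { h.merge("X-Forwarded-Proto" => "https", "X-Forwarded-Ssl" => "on") },
}.freeze

def check(proxy, origin)
  origin_check_passes?(PROXIES.fetch(proxy).call(browser_request(origin)))
end

# Outcome of the check for a same-site and a cross-site Origin, per proxy setup.
def results
  sites = { same_site: "https://myapp.ie", cross_site: "https://other.example" }
  PROXIES.keys.to_h do |proxy|
    [proxy, sites.transform_values { |origin| check(proxy, origin) }]
  end
end

if __FILE__ == $PROGRAM_NAME
  results.each { |proxy, outcome| puts "#{proxy}: #{outcome}" }
end
```

In this model, overwriting Origin makes the comparison pass for every request regardless of where it came from, leaving only the authenticity token to protect the endpoint, while forwarding the scheme lets the same-site request pass and still rejects the cross-site one.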