Activity
Rest-assured I overthought this!!
Host and Forwarded host only required and reverse proxy to the actual heroku app (this may not be necessary, as opposed to my other CNAME'd end-points). The below works.
customdomain.tv, another.customdomain.tv {
reverse_proxy https://actual-app-name.herokuapp.com {
header_up Host {upstream_hostport}
header_up X-Forwarded-Host {host}
}
log {
# blah
}
}
TL;DR - how do I override the base_url (akin to CSRF protection?) with a set of valid domains?
Hi all
I run a PaaS of sorts which at present is hosted on Heroku and I have to map all my custom domains 1:1 with Heroku generated CNAMEs. This is a bit painful to maintain after 15-20 domains but I am trying to move away from this model for a different reason. I need to know the user's IPv6 address if it is what is presented by their browser (because my video CDN CAN see ipv6 and it breaks token authentication when I generate against ipv4). Heroku doesn't support this as its router is ipv4 only.
Scenario: I have a reverse proxy set up and functioning in Caddy BUT it fails at the form submission stage.
i.e.
- My app (on heroku) responds at app.mydomain.com
- My goal is to add ipv6 awareness and a little protection in front of my app server
- My reverse proxy proxies to that domain and presents the site i'm requesting because I pass that through by forwarding the X-CustomDomain or similar (in Application Controller)
- I attempt to sign in, sign up and my logs read "HTTP Origin header (https://www.validclientsite.tv) didn't match request.base_url (https://app.mydomain.com)" on the form submission
I think my question is how do I override this base_url problem with a set of valid domains?
Heroku will proxy blindly via that specific URL but if I put something else in the regular x-REFERER header an SSL error occurs.
Hope that makes sense.
For clarity, my Caddy config set is below. I've commented out a few things that I added and have removed because Caddy does them automatically.
list-of-supported-domains.com {
reverse_proxy https://app.myapp.com {
header_up Host {upstream_hostport}
header_up X-Forwarded-Host app.myapp.com
header_up X-MyCustomReferrer {host} #"custom-domain.myapp.com"
#header_up X-Real-IP {remote_host}
#header_up X-Forwarded-Proto {scheme}
#header_up Access-Control-Allow-Origin *
#header_up Access-Control-Allow-Credentials true
#header_up Access-Control-Allow-Headers Cache-Control,Content-Type
}
log {
output file /var/log/caddy/heroku.log
}
}
In my rails app I do something like this (in a tenancy type manner)
custom_domain = request.headers['HTTP_X_CUSTOMREFERRER'] # or nil
ac = Account.find_site(request, custom_domain) # this uses request.domain and .subdomain where heroku knows the domains
PS Yes I'm building out a staging env in Hatchbox but a live migration is a bit much mid-season.