Forcing spring hateoas to generate https links instead of http

Question

I'm using spring-boot:1.3.3, spring-hateoas:0.19.0 and spring-data-rest-core:2.4.4.

{
  "_embedded" : {
    "projects" : [ {
      "status" : "ACTIVE",
      "storageRegion" : "US",
      "dataSize" : 96850,
      "freemiumUnits" : 1,
      "_links" : {
        "self" : {
          "href" : "http://example.com/x-region-us/api/data/projects/2c9f93b755359a4a015535c19b1f0006"
        },
        "project" : {
          "href" : "http://example.com/x-region-us/api/data/projects/2c9f93b755359a4a015535c19b1f0006"
        },

This is example of content served by spring-hateoas. After a while I switched my application to SSL.

Problem comes when using traverson.js to jump(hop) through "_links". Error occures:

traverson.min.js:2 Mixed Content: The page at 'https://example.com/project-new' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://example.com/x-region-us/api/data/submittalActions'. This request has been blocked; the content must be served over HTTPS.

Is there a way to force spring to generate HTTPS links over HTTP in "_links" part of json?

That happens automatically when you call the REST endpoint via https. — a better oliver
@zeroflagL It doesn't happen. I call endpoint via https, but all href in "_links" property are with http prefix... — Ivan Aracki
I guess the client calls the nginx server via https which calls Spring Boot via http. That would lead to the result you described. There is one similar question on SO with a comment or answer from a Spring developer. A certain header can be set AFAIR. — a better oliver
@Raca if you are interested: stackoverflow.com/questions/38464001/… — phoenix7360

prianichnikov prianichnikov · Accepted Answer · 2017-12-19T14:54:03

If you use Apache Http Server, you need add in the config file this line:

RequestHeader set X-Forwarded-Proto "https"

Forcing spring hateoas to generate https links instead of http

2 Answers