Yesterday, I found that Facebook login was broken on our app. Every time a user tried to log in, Facebook returned an error.

The error message said that “Facebook has detected your app isn’t using a secure connection to transfer information”. But our app has always used https since the first deploy. I read Facebook's document about this error, but I had no idea what was wrong.

Then I noticed that the URL in the redirect_uri param started with http. Why?

So I went through the Facebook login process in our app, and I found out that OmniAuth has to detect SSL, as in this issue.

To fix this error, we need to add two lines to nginx.conf:

proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;

You can also add a logger in an OmniAuth initializer, as the answer in the issue suggests.

  # config/initializers/debug_ssl.rb
  Rails.application.config.to_prepare do              # to_prepare ensures that the monkey patching happens before the first request
    OmniAuth::Strategy.class_eval do                  # reopen the class
      protected

      def ssl?                                        # redefine the ssl? method
        # DEBUG/CUSTOMIZATION
        # Dumps the whole Rack env (including cookies) to a file; remove after debugging.
        File.write('/tmp/omniauth.log', request.env.inspect)
        # DEBUG/CUSTOMIZATION

        request.env['HTTPS'] == 'on' ||
          request.env['HTTP_X_FORWARDED_SSL'] == 'on' ||
          request.env['HTTP_X_FORWARDED_SCHEME'] == 'https' ||
          (request.env['HTTP_X_FORWARDED_PROTO'] && request.env['HTTP_X_FORWARDED_PROTO'].split(',')[0] == 'https') ||
          request.env['rack.url_scheme'] == 'https'
      end
    end
  end

After adding the Proto and Port values to the conf, OmniAuth will return the right value, with https, to Facebook.

Cool.
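
An added example (not from the original post and not OmniAuth's own code): a simplified Ruby model of the ssl? check above, run over two constructed Rack env hashes, showing why the redirect_uri comes out as http before the nginx change and as https after it. The host name, the callback path and the `https_signals` / `callback_url` helpers are assumptions for illustration.

```ruby
# Simplified model of the scheme detection, not OmniAuth's code.
# Each entry mirrors one line of the ssl? method shown above.
HTTPS_SIGNALS = {
  'HTTPS'                   => ->(v) { v == 'on' },
  'HTTP_X_FORWARDED_SSL'    => ->(v) { v == 'on' },
  'HTTP_X_FORWARDED_SCHEME' => ->(v) { v == 'https' },
  # A chain of proxies may send "https,http"; only the first value counts.
  'HTTP_X_FORWARDED_PROTO'  => ->(v) { v.to_s.split(',')[0] == 'https' },
  'rack.url_scheme'         => ->(v) { v == 'https' }
}.freeze

# Returns the env keys that say the original request was HTTPS.
def https_signals(env)
  HTTPS_SIGNALS.select { |key, check| check.call(env[key]) }.keys
end

# Builds a callback URL: scheme from the detection above, host from the
# Host header. The path is an assumed callback route for this model.
def callback_url(env, path = '/auth/facebook/callback')
  scheme = https_signals(env).empty? ? 'http' : 'https'
  "#{scheme}://#{env['HTTP_HOST']}#{path}"
end

# Constructed env: nginx terminates TLS and proxies plain HTTP to the app
# without any forwarding headers, so nothing tells the app about HTTPS.
BEFORE_FIX = {
  'HTTP_HOST'       => 'app.example.com',
  'rack.url_scheme' => 'http'
}.freeze

# Constructed env after adding the two proxy_set_header lines.
AFTER_FIX = BEFORE_FIX.merge(
  'HTTP_X_FORWARDED_PROTO' => 'https',
  'HTTP_X_FORWARDED_PORT'  => '443'
).freeze

if __FILE__ == $PROGRAM_NAME
  [BEFORE_FIX, AFTER_FIX].each do |env|
    puts "#{callback_url(env)}  signals=#{https_signals(env).inspect}"
  end
end
```

If the same nginx server block also serves plain HTTP, `proxy_set_header X-Forwarded-Proto $scheme;` forwards the real scheme instead of a hardcoded https.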