Yesterday, I found that Facebook login was broken on our app. Every time a user tried to log in, Facebook returned an error.
The error message said that “Facebook has detected your app isn’t using a secure connection to transfer information”. But our app has always used https since the first deploy. I read Facebook's documentation about this error, but I had no idea what was wrong.
Then I noticed that the URL in the redirect_uri param started with
So I went through the Facebook login process in our app, and I found out that Omniauth has to detect SSL itself, as described in this issue.
To fix this error, we need to add two lines to nginx.conf:
```nginx
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
```
You can also add a logger in an Omniauth initializer, as the answer in the issue suggests.
```ruby
# config/initializers/debug_ssl.rb
Rails.application.config.to_prepare do # to_prepare ensures that the monkey patching happens before the first request
  OmniAuth::Strategy.class_eval do # reopen the class
    protected

    def ssl? # redefine the ssl? method
      # DEBUG/CUSTOMIZATION
      # request.env includes cookies and request headers, so remove this line once debugging is done.
      File.write('/tmp/omniauth.log', request.env.inspect)
      # DEBUG/CUSTOMIZATION
      request.env['HTTPS'] == 'on' ||
        request.env['HTTP_X_FORWARDED_SSL'] == 'on' ||
        request.env['HTTP_X_FORWARDED_SCHEME'] == 'https' ||
        # With several proxies the header is a comma-separated list; the first entry is checked.
        (request.env['HTTP_X_FORWARDED_PROTO'] && request.env['HTTP_X_FORWARDED_PROTO'].split(',')[0] == 'https') ||
        request.env['rack.url_scheme'] == 'https'
    end
  end
end
```
After adding the Proto and Port values to the conf, Omniauth will return the right value with https to Facebook.
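Why the forwarded headers change the redirect_uri, as an added example that is not from the original post or from OmniAuth's code base: a simplified model of how the callback URL follows from the `ssl?` checks above when TLS ends at nginx. The `redirect_uri` helper, the host `app.example.test` and the sample env hashes are constructed for illustration.

```ruby
require 'uri'

# Same header checks as the ssl? method above, taking a plain Rack env hash.
def ssl?(env)
  env['HTTPS'] == 'on' ||
    env['HTTP_X_FORWARDED_SSL'] == 'on' ||
    env['HTTP_X_FORWARDED_SCHEME'] == 'https' ||
    (env['HTTP_X_FORWARDED_PROTO'] && env['HTTP_X_FORWARDED_PROTO'].split(',')[0] == 'https') ||
    env['rack.url_scheme'] == 'https'
end

# Hypothetical helper (simplified model, not OmniAuth's implementation):
# build the callback URL from what the backend can see in its env.
def redirect_uri(env, callback_path)
  secure = ssl?(env)
  # Use the forwarded port when nginx sends one, otherwise the scheme default.
  port = (env['HTTP_X_FORWARDED_PORT'] || (secure ? 443 : 80)).to_i
  builder = secure ? URI::HTTPS : URI::HTTP
  builder.build(host: env['SERVER_NAME'], port: port, path: callback_path).to_s
end

CALLBACK = '/auth/facebook/callback'

# Constructed env: the browser spoke https to nginx, but nginx proxied to the
# app over plain http and forwarded no scheme information.
BEHIND_PROXY = {
  'rack.url_scheme' => 'http',
  'SERVER_NAME' => 'app.example.test'
}.freeze

# Constructed env: the same request once the two proxy_set_header lines are in place.
WITH_HEADERS = BEHIND_PROXY.merge(
  'HTTP_X_FORWARDED_PROTO' => 'https',
  'HTTP_X_FORWARDED_PORT' => '443'
).freeze

# Constructed env: a second proxy appended its own scheme to the header.
CHAINED = WITH_HEADERS.merge('HTTP_X_FORWARDED_PROTO' => 'https,http').freeze

if __FILE__ == $PROGRAM_NAME
  { 'no headers' => BEHIND_PROXY, 'with headers' => WITH_HEADERS, 'chained' => CHAINED }.each do |label, env|
    puts format('%-13s %s', label, redirect_uri(env, CALLBACK))
  end
end
```

The nginx lines above hard-code `https` and `443`, which is only accurate in a server block that serves TLS exclusively; nginx's `$scheme` and `$server_port` variables forward what the connection actually used.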