Thursday, September 26, 2019

Tip: X-Forwarded-Proto in APEX


The auth scheme is configured to use https. It redirects to EMAIL_INSTANCE_URL if it's not https. Since https terminates at the LB, APEX thinks it has to do this redirect.
There are 2 ways to disable it.
One option is to set the use_secure_cookie_yn flag to N.

The other is to pass the information that we are using https to ORDS and APEX.
You can do that with the X-Forwarded-Proto header

https://webmasters.stackexchange.com/questions/97005/setting-x-forwarded-proto-under-apache-2-4

That should do the trick: RequestHeader set X-Forwarded-Proto "https"


No comments: