Thursday, September 26, 2019

Tip: X-Forwarded-Proto in APEX

The auth scheme is configured to use https. It redirects to EMAIL_INSTANCE_URL if it's not https. Since https terminates at the LB, APEX thinks it has to do this redirect.
There are 2 ways to disable it.
One option is to set the use_secure_cookie_yn flag to N.

The other is to pass the information that we are using https to ORDS and APEX.
You can do that with the X-Forwarded-Proto header

That should do the trick: RequestHeader set X-Forwarded-Proto "https"

No comments: