
FastAPI redirection for trailing slash returns non-SSL link


When we call an endpoint, a redirect occurs due to a missing trailing slash. As you can see in the image below, when a request is made to https://.../notifications, the FastAPI server responds with a redirect to http://.../notifications/

I suspect that it's an app configuration issue rather than a server configuration issue. Does anyone have an idea of how to resolve this issue?

example of redirect


Solution

  • This is because your application isn't trusting the reverse proxy's headers overriding the scheme (the X-Forwarded-Proto header that's passed when it handles a TLS request).

    There are a few ways we can fix that:

    • If you're running the application straight from the uvicorn server, try using the flag --forwarded-allow-ips '*'.

    • If you're running gunicorn, you can also set the flag --forwarded-allow-ips="*".

    • In either application, you can additionally use the FORWARDED_ALLOW_IPS environment variable.

    Important: the * should be used only as a test, as it'll lead your application to trust the X-Forwarded-* headers from any source. I suggest you read uvicorn's docs and gunicorn's docs for a deeper knowledge of what to set in this flag and why.
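The trust decision the answer describes, as an added illustration (not part of the original answer, and not uvicorn's or gunicorn's own code): a simplified model of when `X-Forwarded-Proto` is honoured, showing why the redirect comes back as `http://` and why `*` lets any peer set the scheme. The function names, IP addresses and host name are constructed for the example.

```python
import ipaddress

# Constructed sample values (not from the original page).
PROXY_IP = "10.0.0.5"        # hypothetical TLS-terminating reverse proxy
OUTSIDE_IP = "203.0.113.9"   # hypothetical client reaching the app directly
HEADERS = {"host": "api.example.com", "x-forwarded-proto": "https"}


def is_trusted(peer_ip, allow_ips):
    """True if the connecting peer is on the allow list; '*' trusts every peer."""
    if "*" in allow_ips:
        return True
    peer = ipaddress.ip_address(peer_ip)
    return any(peer in ipaddress.ip_network(entry, strict=False)
               for entry in allow_ips)


def effective_scheme(peer_ip, headers, allow_ips, socket_scheme="http"):
    """Honour X-Forwarded-Proto only when the peer is a trusted proxy."""
    proto = headers.get("x-forwarded-proto", "").split(",")[0].strip().lower()
    if proto in ("http", "https") and is_trusted(peer_ip, allow_ips):
        return proto
    return socket_scheme  # the proxy-to-app hop is plain HTTP


def slash_redirect(peer_ip, headers, allow_ips, path):
    """Location header for the trailing-slash redirect."""
    scheme = effective_scheme(peer_ip, headers, allow_ips)
    return f"{scheme}://{headers['host']}{path}/"


if __name__ == "__main__":
    cases = [
        ("proxy not on allow list", PROXY_IP, ["127.0.0.1"]),
        ("proxy on allow list", PROXY_IP, [PROXY_IP]),
        ("outside peer, strict list", OUTSIDE_IP, [PROXY_IP]),
        ("outside peer, wildcard", OUTSIDE_IP, ["*"]),
    ]
    for label, peer, allow in cases:
        print(f"{label:28} -> {slash_redirect(peer, HEADERS, allow, '/notifications')}")
```

Listing only the proxy's address keeps the `https` redirect for proxied requests while a header sent by any other peer is ignored.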