I have a Grails app with some pages only accessible over https and some over http. This is easily handled using a before filter. However when on an https page as soon as a controller does a redirect the user ends up back on http and is directed to https again by the filter.
def update = {
...
redirect(action: "show", id: domainInstance.id)
}
In Firebug I get:
POST ... localhost:8443 (the form submit to controller)
GET ... 302 ... localhost:8080 (the redirect to show in controller)
GET ... 301 ... localhost:8443 (the redirect back to https in filter)
How can I get the controller redirect call to "remember" the current protocol etc.? Or am I doing something else wrong?
I sorted this out by using an after filter to convert the "Location" header in the response to https when needed. The default CachingLinkGenerator is constructed with the http server URL and uses this to create links. So there doesn't seem to be a way to get it to keep the protocol. I also couldn't see any easy way to replace it with my own extended LinkGenerator.
class SecurityFilters {
def filters = {
overall(controller: '*', action: '*') {
after = {
String loc = response.getHeader("Location")
if (isRequiresHttps()) {
response.setHeader("Location", convertToHttps(loc))
}
}
}
}
private boolean isRequiresHttps() { ... }
private String convertToHttps(String url) { ... }
}