XForwardedSupport for https play! support on Heroku failing

Question

I am deploying an app on Heroku and trying to determine whether the request coming in is secure (request.secure). This is initially returning false on heroku because nginx h

Answer 1

I don't think Play supports the way that requests are forwarded (proxied) on Heroku via the XForwardedSupport configuration parameter. That would need to be set to the address of the Heroku load balancer and there isn't a way to configure that pre-runtime. Instead, you should just look at the x-forwarded-proto request header to determine if the request to the Heorku load balancer was via http or https. Maybe something like:

    Boolean secure = false;
    if (request.headers.get("x-forwarded-proto") != null) {
      secure = request.headers.get("x-forwarded-proto").values.contains("https");
    }
    System.out.println("secure = " + secure);

BTW: Heroku's cedar stack doesn't use Nginx. It uses MochiWeb, an Erlang-based web server.

Answer 2

thnx big time! you saved hours of struggling with heroku+play! I can confirm that when you set this in application.conf

XForwardedSupport=all

heroku stops complaining with SIGTERM

Answer 3

As pointed by @Dan Carley ticket on https://play.lighthouseapp.com/projects/57987/tickets/1406-play-123-124-playmvcrouter-does-not-fully-support-proxied-ssl#ticket-1406-4

When hosting on Heroku, (as pointed by Mirko) setting XForwardedSupport=all in application.conf works.