Preventing http redirection over https request on Play! 1.2.x

Question

Even if the request comes over https; inner redirection of play (controller.action call) sends it to http. So my facebook app being blocked by some browsers. The app is on Heroku by the way.

There is some solutions to redirect all request to https, but we don't want this. I need the solution; if request comes as http then process it as http, same for https..

Thanks

Answer 1

The answer here (XForwardedSupport for https play! support on Heroku failing) describes how to detect if the request came into the Heroku routing layer as https or http. Specifically, if the x-forwarded-proto header contains https then the request was secure. By the time if gets into your play app SSL termination has occurred so the Play app sees all requests as insecure.