XForwardedSupport for https play! support on Heroku failing

Question

I am deploying an app on Heroku and trying to determine whether the request coming in is secure (request.secure). This is initially returning false on heroku because nginx handles the SSL work and communicates over plain http to the app server. So to let play read the headers that let is know it's a secure request I add:

XForwardedSupport=127.0.0.1

To application.conf as recommended in the play message boards. However, then all requests (except for images) fail with no error. It seems to be something fundamental happening before it hits the play logs. Has anyone experienced this?

Answer 1

I don't think Play supports the way that requests are forwarded (proxied) on Heroku via the XForwardedSupport configuration parameter. That would need to be set to the address of the Heroku load balancer and there isn't a way to configure that pre-runtime. Instead, you should just look at the x-forwarded-proto request header to determine if the request to the Heorku load balancer was via http or https. Maybe something like:

    Boolean secure = false;
    if (request.headers.get("x-forwarded-proto") != null) {
      secure = request.headers.get("x-forwarded-proto").values.contains("https");
    }
    System.out.println("secure = " + secure);

BTW: Heroku's cedar stack doesn't use Nginx. It uses MochiWeb, an Erlang-based web server.

Answer 2

thnx big time! you saved hours of struggling with heroku+play! I can confirm that when you set this in application.conf

XForwardedSupport=all

heroku stops complaining with SIGTERM

Answer 3

As pointed by @Dan Carley ticket on https://play.lighthouseapp.com/projects/57987/tickets/1406-play-123-124-playmvcrouter-does-not-fully-support-proxied-ssl#ticket-1406-4

When hosting on Heroku, (as pointed by Mirko) setting XForwardedSupport=all in application.conf works.