Rails omniauth implements Google login and works fine in the local environment.
In the server environment (CentOS, Nginx), a 403 error is displayed when a callback is made to the following URL after Google authentication.
https://dummy.com/auth/google_oauth2/callback?xxxxxxx&scope=email+https%3A%2F%2Fwww.googleapis.com&xxxxx
403 Forbidden Situation
In the course of our investigation, we found that accessing URLs containing "://" as shown below, regardless of omniauth or Google login, results in similar errors.
(Non-encoded)
https://dummy.com/?a=https://
(Encoded)
https://dummy.com/?a=https%3A%2F%2F
I am wondering if there is a security setting for the server that prohibits access including :// in the query parameters, but if you have any, could you please let me know?
There are no Rails or Nginx error logs or access logs for this issue.
CentOS 7
Nginx
Rails
As a result of the investigation, the problem was that the AWS WAF configuration blocked URLs containing ://.
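The behaviour described above, modelled as an added example (not part of the original post and not AWS WAF's own matching code): a rule that URL-decodes each query parameter before looking for `://` blocks both test URLs and the Google callback, while a narrow exemption for the `scope` parameter on the callback path lets the login through. The `evaluate` function, the `decode` flag and the exemption are assumptions for illustration; the page does not show the actual rule.

```python
# Toy model of a "block :// in the query string" WAF rule (illustrative only).
from urllib.parse import urlsplit, unquote_plus

NEEDLE = "://"
# Hypothetical narrow exemption: only this parameter on this path is skipped.
CALLBACK_EXEMPT = ("/auth/google_oauth2/callback", "scope")


def query_params(query, decode):
    """Yield (name, value) pairs, percent-decoded when decode is True."""
    for pair in query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        if decode:
            name, value = unquote_plus(name), unquote_plus(value)
        yield name, value


def evaluate(url, decode=True, exempt=None):
    """Return "BLOCK" if any inspected query parameter contains "://"."""
    parts = urlsplit(url)
    for name, value in query_params(parts.query, decode):
        if exempt and (parts.path, name) == exempt:
            continue  # exempted parameter is not inspected
        if NEEDLE in name or NEEDLE in value:
            return "BLOCK"
    return "ALLOW"


# URLs taken from the post above.
CALLBACK = ("https://dummy.com/auth/google_oauth2/callback"
            "?xxxxxxx&scope=email+https%3A%2F%2Fwww.googleapis.com&xxxxx")
PLAIN = "https://dummy.com/?a=https://"
ENCODED = "https://dummy.com/?a=https%3A%2F%2F"

if __name__ == "__main__":
    for label, url in (("plain", PLAIN), ("encoded", ENCODED),
                       ("callback", CALLBACK)):
        print(label,
              "raw match:", evaluate(url, decode=False),
              "| decoded match:", evaluate(url),
              "| with exemption:", evaluate(url, exempt=CALLBACK_EXEMPT))
```

Because the block happens before the request reaches Nginx, the matching entry appears in the WAF's own logs rather than in the Nginx or Rails logs.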