
I’m using Rails 6, Devise for authentication and testing my app on Google Chrome. I can log in successfully. However, when the user tries to log out by clicking on the Log Out button, it doesn’t log out and only redirects to the home page.

I have the application containerised using Docker and Docker Compose and I’m using PostgreSQL for the database, ElasticSearch for search and NGINX for the web server.

This appears to be a caching or cookie issue. When I delete the _myapp_session cookie in Google Chrome Developer Tools in the Storage section under the Application tab, then refresh, the issue is fixed and the user is logged out.

UPDATE: The issue was being caused by:

HTTP Origin header (https://myapp.com) didn't match request.base_url (http://myapp.com)

Here are the logs from the NGINX server console (frontend_1) when visiting the website, logging in and then making the log out request.

frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:19:57 +0000] "GET / HTTP/1.1" 200 6087 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:19:58 +0000] "GET /assets/application-29dded2730529466cbe16f8bf7dff8cd81c27f5c29357a0ee19ce611c7fae223.css HTTP/1.1" 200 24974 "https://myapp.ie/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:19:58 +0000] "GET /packs/js/application-e72ce6426a0e2e571ed2.js HTTP/1.1" 200 18152 "https://myapp.ie/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:19:58 +0000] "GET /packs/js/counter-a7c63b11c8fcb5e204df.js HTTP/1.1" 200 642 "https://myapp.ie/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
web_1            | I, [2021-01-30T13:19:58.193455 #1]  INFO -- : Started GET "/assets/glassfacade.jpg" for 37.228.235.151 at 2021-01-30 13:19:58 +0000
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:19:58 +0000] "GET /assets/glassfacade.jpg HTTP/1.1" 304 0 "https://myapp.ie/assets/application-29dded2730529466cbe16f8bf7dff8cd81c27f5c29357a0ee19ce611c7fae223.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:19:58 +0000] "GET /service-worker.js HTTP/1.1" 304 0 "https://myapp.ie/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
web_1            | I, [2021-01-30T13:20:07.240769 #1]  INFO -- : Started GET "/users/sign_in" for 37.228.235.151 at 2021-01-30 13:20:07 +0000
web_1            | I, [2021-01-30T13:20:07.242349 #1]  INFO -- : Processing by Devise::SessionsController#new as HTML
web_1            | I, [2021-01-30T13:20:07.270212 #1]  INFO -- :   Rendering devise/sessions/new.html.erb within layouts/application
web_1            | I, [2021-01-30T13:20:07.277828 #1]  INFO -- :   Rendered devise/shared/_links.html.erb (Duration: 1.8ms | Allocations: 674)
web_1            | I, [2021-01-30T13:20:07.278818 #1]  INFO -- :   Rendered devise/sessions/new.html.erb within layouts/application (Duration: 7.8ms | Allocations: 1788)
web_1            | I, [2021-01-30T13:20:07.280610 #1]  INFO -- :   Rendered layouts/nav/_public.html.erb (Duration: 0.5ms | Allocations: 245)
web_1            | I, [2021-01-30T13:20:07.281343 #1]  INFO -- :   Rendered layouts/_footer.html.erb (Duration: 0.0ms | Allocations: 5)
web_1            | I, [2021-01-30T13:20:07.282268 #1]  INFO -- : Completed 200 OK in 39ms (Views: 14.5ms | ActiveRecord: 7.6ms | Allocations: 15604)
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:07 +0000] "GET /users/sign_in HTTP/1.1" 200 5629 "https://myapp.ie/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
web_1            | I, [2021-01-30T13:20:09.081121 #1]  INFO -- : Started POST "/users/sign_in" for 37.228.235.151 at 2021-01-30 13:20:09 +0000
web_1            | I, [2021-01-30T13:20:09.082596 #1]  INFO -- : Processing by Devise::SessionsController#create as HTML
web_1            | I, [2021-01-30T13:20:09.083112 #1]  INFO -- :   Parameters: {"authenticity_token"=>"/ANjiDtsz6E4C8/jmmZ+i1hGi7fxQ2W3I/mxKKCKwapYEeJiK5QSRplAbyTWO541xDZc9Er9MB0Whbyz97SB0w==", "user"=>{"email"=>"[email protected]", "password"=>"[FILTERED]"}}
web_1            | D, [2021-01-30T13:20:09.091385 #1] DEBUG -- :   User Load (1.7ms)  SELECT "users".* FROM "users" WHERE "users"."email" = $1 ORDER BY "users"."id" ASC LIMIT $2  [["email", "[email protected]"], ["LIMIT", 1]]
web_1            | D, [2021-01-30T13:20:09.337144 #1] DEBUG -- :    (0.3ms)  BEGIN
web_1            | D, [2021-01-30T13:20:09.339573 #1] DEBUG -- :   User Update (1.5ms)  UPDATE "users" SET "current_sign_in_at" = $1, "last_sign_in_at" = $2, "sign_in_count" = $3, "updated_at" = $4 WHERE "users"."id" = $5  [["current_sign_in_at", "2021-01-30 13:20:09.334709"], ["last_sign_in_at", "2021-01-30 12:40:17.072091"], ["sign_in_count", 72], ["updated_at", "2021-01-30 13:20:09.336027"], ["id", 3]]
web_1            | D, [2021-01-30T13:20:09.341133 #1] DEBUG -- :    (0.6ms)  COMMIT
web_1            | I, [2021-01-30T13:20:09.344229 #1]  INFO -- : Redirected to http://myapp.ie/
web_1            | I, [2021-01-30T13:20:09.344743 #1]  INFO -- : Completed 302 Found in 261ms (ActiveRecord: 4.3ms | Allocations: 5188)
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:09 +0000] "POST /users/sign_in HTTP/1.1" 302 97 "https://myapp.ie/users/sign_in" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:09 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
web_1            | I, [2021-01-30T13:20:09.451080 #1]  INFO -- : Started GET "/" for 37.228.235.151 at 2021-01-30 13:20:09 +0000
web_1            | I, [2021-01-30T13:20:09.452431 #1]  INFO -- : Processing by PublicController#main as HTML
web_1            | I, [2021-01-30T13:20:09.454279 #1]  INFO -- :   Rendering public/main.html.erb within layouts/application
web_1            | I, [2021-01-30T13:20:09.455073 #1]  INFO -- :   Rendered properties/_search.html.erb (Duration: 0.3ms | Allocations: 126)
web_1            | I, [2021-01-30T13:20:09.455572 #1]  INFO -- :   Rendered properties/_location_search.html.erb (Duration: 0.0ms | Allocations: 5)
web_1            | D, [2021-01-30T13:20:09.467424 #1] DEBUG -- :    (11.1ms)  SELECT COUNT(*) FROM "properties"
web_1            | D, [2021-01-30T13:20:09.493249 #1] DEBUG -- :    (24.3ms)  SELECT COUNT(*) FROM "units"
web_1            | D, [2021-01-30T13:20:09.502977 #1] DEBUG -- :    (8.0ms)  SELECT COUNT(*) FROM "leases"
web_1            | D, [2021-01-30T13:20:09.545248 #1] DEBUG -- :    (40.5ms)  SELECT SUM("units"."area") FROM "units"
web_1            | I, [2021-01-30T13:20:09.546565 #1]  INFO -- :   Rendered public/main.html.erb within layouts/application (Duration: 91.9ms | Allocations: 1925)
web_1            | D, [2021-01-30T13:20:09.548941 #1] DEBUG -- :   User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2  [["id", 3], ["LIMIT", 1]]
web_1            | I, [2021-01-30T13:20:09.550025 #1]  INFO -- :   Rendered layouts/nav/_public.html.erb (Duration: 2.3ms | Allocations: 480)
web_1            | I, [2021-01-30T13:20:09.550538 #1]  INFO -- :   Rendered layouts/_footer.html.erb (Duration: 0.0ms | Allocations: 5)
web_1            | I, [2021-01-30T13:20:09.551270 #1]  INFO -- : Completed 200 OK in 98ms (Views: 12.8ms | ActiveRecord: 84.3ms | Allocations: 3343)
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:09 +0000] "GET / HTTP/1.1" 200 6293 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
web_1            | I, [2021-01-30T13:20:09.691278 #1]  INFO -- : Started GET "/assets/glassfacade.jpg" for 37.228.235.151 at 2021-01-30 13:20:09 +0000
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:09 +0000] "GET /assets/glassfacade.jpg HTTP/1.1" 304 0 "https://myapp.ie/assets/application-29dded2730529466cbe16f8bf7dff8cd81c27f5c29357a0ee19ce611c7fae223.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:11 +0000] "GET /service-worker.js HTTP/1.1" 304 0 "https://myapp.ie/service-worker.js" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
web_1            | I, [2021-01-30T13:20:12.198820 #1]  INFO -- : Started GET "/about" for 37.228.235.151 at 2021-01-30 13:20:12 +0000
web_1            | I, [2021-01-30T13:20:12.200636 #1]  INFO -- : Processing by PublicController#about as HTML
web_1            | I, [2021-01-30T13:20:12.202063 #1]  INFO -- :   Rendering public/about.html.erb within layouts/application
web_1            | I, [2021-01-30T13:20:12.203238 #1]  INFO -- :   Rendered public/about.html.erb within layouts/application (Duration: 0.7ms | Allocations: 81)
web_1            | D, [2021-01-30T13:20:12.205584 #1] DEBUG -- :   User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2  [["id", 3], ["LIMIT", 1]]
web_1            | I, [2021-01-30T13:20:12.206563 #1]  INFO -- :   Rendered layouts/nav/_public.html.erb (Duration: 2.4ms | Allocations: 489)
web_1            | I, [2021-01-30T13:20:12.207090 #1]  INFO -- :   Rendered layouts/_footer.html.erb (Duration: 0.0ms | Allocations: 5)
web_1            | I, [2021-01-30T13:20:12.207775 #1]  INFO -- : Completed 200 OK in 7ms (Views: 5.5ms | ActiveRecord: 0.3ms | Allocations: 1520)
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:12 +0000] "GET /about HTTP/1.1" 200 5118 "https://myapp.ie/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
web_1            | I, [2021-01-30T13:20:13.659115 #1]  INFO -- : Started DELETE "/users/sign_out" for 37.228.235.151 at 2021-01-30 13:20:13 +0000
web_1            | I, [2021-01-30T13:20:13.660569 #1]  INFO -- : Processing by Devise::SessionsController#destroy as HTML
web_1            | I, [2021-01-30T13:20:13.661108 #1]  INFO -- :   Parameters: {"authenticity_token"=>"i/QcCh+oNqxaSVc8zFsi/AquQe4gZrde5Q27jQPofDqf24T3SiQtVDfuQn5064O0CpKIjcYSadJLcnxbxjMsMA=="}
web_1            | D, [2021-01-30T13:20:13.663275 #1] DEBUG -- :   User Load (0.4ms)  SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2  [["id", 3], ["LIMIT", 1]]
web_1            | W, [2021-01-30T13:20:13.664093 #1]  WARN -- : HTTP Origin header (https://myapp.ie) didn't match request.base_url (http://myapp.ie)
web_1            | I, [2021-01-30T13:20:13.668687 #1]  INFO -- : Redirected to http://myapp.ie/
web_1            | I, [2021-01-30T13:20:13.669386 #1]  INFO -- : Completed 302 Found in 8ms (ActiveRecord: 0.4ms | Allocations: 1567)
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:13 +0000] "POST /users/sign_out HTTP/1.1" 302 97 "https://myapp.ie/about" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:13 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
web_1            | I, [2021-01-30T13:20:13.743342 #1]  INFO -- : Started GET "/" for 37.228.235.151 at 2021-01-30 13:20:13 +0000
web_1            | I, [2021-01-30T13:20:13.744745 #1]  INFO -- : Processing by PublicController#main as HTML
web_1            | I, [2021-01-30T13:20:13.746818 #1]  INFO -- :   Rendering public/main.html.erb within layouts/application
web_1            | I, [2021-01-30T13:20:13.747823 #1]  INFO -- :   Rendered properties/_search.html.erb (Duration: 0.3ms | Allocations: 122)
web_1            | I, [2021-01-30T13:20:13.748429 #1]  INFO -- :   Rendered properties/_location_search.html.erb (Duration: 0.0ms | Allocations: 5)
web_1            | D, [2021-01-30T13:20:13.761225 #1] DEBUG -- :    (12.0ms)  SELECT COUNT(*) FROM "properties"
web_1            | D, [2021-01-30T13:20:13.788611 #1] DEBUG -- :    (25.5ms)  SELECT COUNT(*) FROM "units"
web_1            | D, [2021-01-30T13:20:13.798794 #1] DEBUG -- :    (8.5ms)  SELECT COUNT(*) FROM "leases"
web_1            | D, [2021-01-30T13:20:13.857923 #1] DEBUG -- :    (57.4ms)  SELECT SUM("units"."area") FROM "units"
web_1            | I, [2021-01-30T13:20:13.859815 #1]  INFO -- :   Rendered public/main.html.erb within layouts/application (Duration: 112.4ms | Allocations: 1912)
web_1            | D, [2021-01-30T13:20:13.862652 #1] DEBUG -- :   User Load (0.5ms)  SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2  [["id", 3], ["LIMIT", 1]]
web_1            | I, [2021-01-30T13:20:13.864165 #1]  INFO -- :   Rendered layouts/nav/_public.html.erb (Duration: 2.9ms | Allocations: 456)
web_1            | I, [2021-01-30T13:20:13.864897 #1]  INFO -- :   Rendered layouts/_footer.html.erb (Duration: 0.0ms | Allocations: 5)
web_1            | I, [2021-01-30T13:20:13.865864 #1]  INFO -- : Completed 200 OK in 120ms (Views: 15.4ms | ActiveRecord: 103.8ms | Allocations: 3267)
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:13 +0000] "GET / HTTP/1.1" 200 6214 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
web_1            | I, [2021-01-30T13:20:15.624864 #1]  INFO -- : Started GET "/about" for 37.228.235.151 at 2021-01-30 13:20:15 +0000
web_1            | I, [2021-01-30T13:20:15.626281 #1]  INFO -- : Processing by PublicController#about as HTML
web_1            | I, [2021-01-30T13:20:15.627529 #1]  INFO -- :   Rendering public/about.html.erb within layouts/application
web_1            | I, [2021-01-30T13:20:15.627986 #1]  INFO -- :   Rendered public/about.html.erb within layouts/application (Duration: 0.0ms | Allocations: 5)
web_1            | D, [2021-01-30T13:20:15.630172 #1] DEBUG -- :   User Load (0.3ms)  SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2  [["id", 3], ["LIMIT", 1]]
web_1            | I, [2021-01-30T13:20:15.631174 #1]  INFO -- :   Rendered layouts/nav/_public.html.erb (Duration: 2.3ms | Allocations: 488)
web_1            | I, [2021-01-30T13:20:15.631643 #1]  INFO -- :   Rendered layouts/_footer.html.erb (Duration: 0.0ms | Allocations: 5)
web_1            | I, [2021-01-30T13:20:15.632284 #1]  INFO -- : Completed 200 OK in 5ms (Views: 4.6ms | ActiveRecord: 0.3ms | Allocations: 1333)
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:15 +0000] "GET /about HTTP/1.1" 200 5118 "https://myapp.ie/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"
frontend_1       | 37.228.235.151 - - [30/Jan/2021:13:20:15 +0000] "GET /service-worker.js HTTP/1.1" 304 0 "https://myapp.ie/service-worker.js" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.104 Safari/537.36" "-"

My Devise controllers are all standard (I haven’t edited them).

Here’s my Application Controller

class ApplicationController < ActionController::Base

    # To clear cache to allow logging out.
    before_action :set_cache_headers

    protect_from_forgery prepend: true

    # To enable sign in to function correctly.
    skip_before_action :verify_authenticity_token, :only => :create

    before_action :configure_permitted_parameters, if: :devise_controller?

    def index
        
    end

    def set_cache_headers
        response.headers["Cache-Control"] = "no-cache, no-store"
        response.headers["Pragma"] = "no-cache"
        response.headers["Expires"] = "Mon, 01 Jan 1990 00:00:00 GMT"
    end

    protected

    # Restrict parameters for sign up input.
    def configure_permitted_parameters
        added_attrs = [:first_name, :last_name, :email, :encrypted_password, :password_confirmation, :remember_me]
        devise_parameter_sanitizer.permit(:sign_up, keys: added_attrs)
        devise_parameter_sanitizer.permit(:account_update, keys: added_attrs)
        devise_parameter_sanitizer.permit(:sign_in, keys: added_attrs)
    end

end

Here’s my Application.html.erb

<!DOCTYPE html>
<html>
  <head>
    <title>MyApp</title>
    <link rel="manifest" href="manifest.webmanifest">
    <link rel="apple-touch-icon" href="/apple-touch-icon.png">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="theme-color" content="#ff8a00">
    <meta name="msapplication-navbutton--color" content="#ff8a00">
    <meta name="apple-mobile-web-app-capable" content="yes">
    <meta name="apple-mobile-web-app-status-bar-style" content="default">
    <%= csrf_meta_tags %>
    <%= csp_meta_tag %>
    <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track': 'reload' %>
    <%= javascript_pack_tag 'application', 'data-turbolinks-track': 'reload' %>
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
    <link href="https://fonts.googleapis.com/css?family=Text+Me+One&display=swap" rel="stylesheet">
  </head>

  <body id="<%= controller.controller_name %>" class="<%= controller.action_name %> <%= "show-sidebar" if @show_sidebar.present? %>">
    <div class="wrapper">
      <% if @show_sidebar.nil? %>
        <header>
          <%= render "layouts/nav/public" %>
        </header>
        <%= yield %>
      <% else %>
        <%= render "layouts/nav/dashboard" %>

        <div class="container-fluid">
          <div class="row">
            <%= render "layouts/nav/sidebar" %>
            <main role="main" class="col-md-9 ml-sm-auto col-lg-10 px-md-4 mt-4">
              <%= yield %>
            </main>
          </div>
        </div>
      <% end %>
      <div class="push"></div>
    </div>

    <%= render "layouts/footer" %>

    <div id="notifications"><%= notice %></div>

    <!-- PWA Step 1 - Registration -->
    <script type="text/javascript">
    if ('serviceWorker' in navigator) {
      window.addEventListener('load', function() {
        navigator.serviceWorker.register('/service-worker.js').then(function(registration) {
          // Registration was successful
          console.log('ServiceWorker registration successful with scope: ', registration.scope);
        }, function(err) {
          // registration failed :(
          console.log('ServiceWorker registration failed: ', err);
        });
      });
    }
    </script>
    <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
    <script src="https://cdnjs.cloudflare.com/ajax/libs/feather-icons/4.9.0/feather.min.js"></script>
    <script>feather.replace()</script>
    <%= javascript_pack_tag "counter" %>
  </body>
</html>

Here’s the part of the view that displays the Log In / Log Out link.

<ul class="navbar-nav mr-auto" id="right-nav-menu">
      <li class="nav-item">
      <% if notice %>
        <p class="nav-link"><%= notice %></p>
      <% end %>
      <% if alert %>
        <p class="nav-link"><%= alert %></p>
      <% end %>
      </li>
      <li class="nav-item">
      <% if user_signed_in? %>
        <strong class="nav-link"><p><%= current_user.first_name %> <%= current_user.last_name %></p></strong>
      <% end %>
      </li>
      <% if user_signed_in? %>
        <li class="nav-item">
          <strong><%= link_to 'Edit Profile', edit_user_registration_path, :class => 'nav-link' %></strong>
        </li>
        <li class="nav-item">
          <strong><%= link_to "Log Out", destroy_user_session_path, method: :delete, :class => 'nav-link' %></strong>
        </li>
      <% else %>
        <li class="nav-item">
          <strong><%= link_to "Log In", new_user_session_path, :class => 'nav-link' %></strong>
        </li>
        <li class="nav-item">
          <strong><%= link_to "Sign Up", new_user_registration_path, :class => 'nav-link'  %></strong>
        </li>
      <% end %>
    </ul>

I’m not sure if there’s any other code that would be helpful to resolve but if so, please let me know and I will add to the above. Appreciate any help.

2 Answers


  1. Chosen as BEST ANSWER

    I've finally figured this out and users can now log in and log out. As suggested in the comments, the HTTP Origin header warning was the source of the issue and the solution was to resolve this rather than anything to do with managing cookies or the cache (what I originally thought).

    The warning WARN -- : HTTP Origin header (https://myapp.ie) didn't match request.base_url (http://myapp.ie) was resolved by including proxy_set_header origin 'http://myapp.ie'; in the .conf file in order to correctly configure the NGINX server.

    The myapp.ie.conf file is below:

    upstream docker {
        server web:3000 fail_timeout=0;
    }
    
    server {
        listen              443 ssl;
        server_name         myapp.ie;
        ssl_certificate     /etc/letsencrypt/live/myapp.ie/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/myapp.ie/privkey.pem;
        try_files $uri/index.html $uri @docker;
        client_max_body_size 4G;
    
        location @docker {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header origin 'http://myapp.ie';
            proxy_redirect off;
            proxy_pass http://docker;
        }
    }
    

    Source of solution here: https://github.com/heartcombo/devise/issues/4847


  2. In my humble opinion, there is a better option:

    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-Ssl on;
    

    Found here: https://stackoverflow.com/a/57182441/3505166
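
Added example (not part of either answer, and not the Rack or Rails source): a simplified Ruby model of how the app derives `request.base_url` behind a TLS-terminating NGINX and of the Origin comparison behind the warning in the log, run against the three proxy configurations on this page. When that comparison fails, Rails treats the request as unverified. The function names, the `PROXY_CONFIGS` table and the `https://other.example` origin are constructed for illustration.

```ruby
# Simplified model of Rack's scheme detection and the Rails CSRF origin check
# (request.origin == request.base_url). Not the Rack/Rails source.

# Headers each NGINX configuration on this page adds or overrides upstream.
PROXY_CONFIGS = {
  question: {},                                          # no scheme forwarded
  answer_1: { "Origin" => "http://myapp.ie" },           # proxy_set_header origin ...
  answer_2: { "X-Forwarded-Proto" => "https",
              "X-Forwarded-Ssl"   => "on" }
}.freeze

# What the Rails container receives: NGINX terminates TLS and proxies over HTTP.
def upstream_headers(config, browser_origin)
  headers = { "Host" => "myapp.ie" }
  headers["Origin"] = browser_origin if browser_origin
  headers.merge(PROXY_CONFIGS.fetch(config))
end

# Scheme as the app sees it: forwarded headers win, else the real hop (http).
def scheme(headers)
  return "https" if headers["X-Forwarded-Ssl"] == "on"
  proto = headers["X-Forwarded-Proto"].to_s.split(",").first.to_s.strip
  %w[http https].include?(proto) ? proto : "http"
end

def base_url(headers)
  "#{scheme(headers)}://#{headers['Host']}"
end

# A blank Origin is accepted; otherwise it must equal base_url exactly.
def origin_check_passes?(headers)
  origin = headers["Origin"]
  origin.nil? || origin == base_url(headers)
end

def evaluate(config, browser_origin)
  headers = upstream_headers(config, browser_origin)
  { base_url: base_url(headers), passes: origin_check_passes?(headers) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: the site's own origin and an unrelated one.
  ["https://myapp.ie", "https://other.example"].each do |origin|
    PROXY_CONFIGS.each_key do |config|
      r = evaluate(config, origin)
      puts format("%-9s browser Origin=%-22s base_url=%-17s check=%s",
                  config, origin, r[:base_url], r[:passes] ? "pass" : "FAIL")
    end
  end
end
```

In this model the first answer's configuration passes for every browser origin, because the proxy overwrites the header before Rails sees it, so the origin comparison no longer distinguishes same-site from cross-site requests. Forwarding the scheme instead makes `base_url` match the real `https://myapp.ie` origin and keeps the comparison meaningful.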
