Booted Off Local Server - 302 error

100 views Asked by At

I'll start with the log that I am receiving below:

Dec.15.11.56-Rf: Incoming Request URL: / Dec.15.11.56-Rf: SECURE GET Path: / From: mlocal.cldeals.com Rewritten: www.cldeals.com Dec.15.11.56-Rf: Received 302 Found [text/html; charset=UTF-8] response for / Dec.15.11.56-Rf: Sending 302 text/html; charset=UTF-8 response for / Dec.15.11.56-Rf: Stats. Total: 0.52088702, Upstream: 0.48212701, Processing: 0.00105600, ProcessingOther: 0.04037500

Basically, when I go to mlocal.cldeals.com, it loads fine. If I click on another page, say mlocal.cldeals.com/products, that loads fine as well. The issue seems to be when I go to the account page and try to switch back to the homepage, maybe some type of security issue? When I try to switch back to mlocal.cldeals.com, the home page, it boots me off and sends me to www.cldeals.com. Is there something I can add to force this from not happening? Additionally, is this just a local server issue that would go away when I launch it on Moovweb's server? Any help is greatly appreciated.

Thank you.

1

There are 1 answers

0
gregorygtseng On BEST ANSWER

It looks like the backend response to https://www.cldeals.com is a 302 to http://www.cldeals.com:80/. Not sure why that is the case (see note below *)

curl -v -o /dev/null https://www.cldeals.com

This response contains a hardcoded Location header and your project is passing along the response as is, which is why you are being booted off your local server.

Because the Location header value has a port specified, you'll need to modify your config.json to include this line in the mapping:

{
  "host_map": [
    "$.cldeals.com => www.cldeals.com",
    "$.cldeals.com => www.cldeals.com:80"
  ]
}

This way, the SDK knows to rewrite that specific host:port value... (By default all HTTP requests go through port 80, so that information isn't really necessary)

*This is might be bug in the backend implementation because once you log in, you should be in HTTPS mode until you log out. (I can see some pages with personal information being transmitted over plain HTTP)