interactive-login-redirect fails when forcing SSL

[sritchie]

I'm using the require-scheme-with-proxy on heroku, and this function looks like it tries to redirect to port 80:

(defn interactive-login-redirect
  [{:keys [form-params params] :as request}]
  (ring.util.response/redirect
   (let [param (str "&login_failed=Y&username="
                    (java.net.URLEncoder/encode (or (get form-params "username") (:username params ""))))
         ^String login-uri (-> request ::friend/auth-config :login-uri (#(str (:context request) %)))]
     (util/resolve-absolute-uri
      (str (if (.contains login-uri "?") login-uri (str login-uri "?"))
           param)
      request))))

Probably just a matter of building the URL slightly more carefully.

[cemerick]

require-scheme-with-proxy should be bouncing people out to HTTPS as soon as they land, so the scheme/port coming into interactive-login-redirect should already be "correct". util/original-url is what's actually touching the scheme/port, and it (ostensibly, skimming it now) has support for properly tracking SSL, etc., so it shouldn't downgrade anyone to HTTP. (…unless heroku isn't sending x-forwarded-proto headers anymore?)

Anyway, confused. I'll see if I can replicate.