During the process of upgrading a Rails 5 staging app to Rails 6, we encountered a few errors, caused by running on a subdomain. The homepage rendered correctly, however, the Omniauth sign in button caused an error.
HTTP Origin Header Mismatch
Here’s the first error:
1
HTTP Origin header (http://staging.app1.com) didn't match request.base_url (http://app1)
This was caused by the app’s Nginx configuration, which used proxy_pass. The problem was that the Host header was not set correctly. Here’s the updated Nginx file, including the fix:
1
2
3
4
5
6
7
8
9
10
server {
listen 80;
server_name staging.app1.com;
root /var/www/app1/current/public;
location / {
proxy_pass http://app1;
+ proxy_set_header Host $http_host;
}
Blocked Host
After fixing the header mismatch we found another issue:
1
2
3
4
5
Blocked host: staging.app1.com
To allow requests to staging.app1.com make sure it is a valid hostname (containing only numbers, letters, dashes and dots), then add the following to your environment configuration:
config.hosts << "staging.app1.com"
This error was also due to running the app on a subdomain. The fix was simple, subdomains must be added to config.hosts. In our case we updated config/environments/development.rb:
1
config.hosts << "staging.app1.com"
This is required because the default config.hosts configuration, for development, is as follows:
1
2
3
4
5
Rails.application.config.hosts = [
IPAddr.new("0.0.0.0/0"), # All IPv4 addresses.
IPAddr.new("::/0"), # All IPv6 addresses.
"localhost" # The localhost reserved domain.
]
Custom subdomains must be added manually.