403 Error on Google Login Callback in Rais' omniauth

Asked 3 months ago, Updated 3 months ago, 12 views

Rais omniauth implements Google login and works fine in the local environment.
In the server environment (CentOS, Nginx), a 403 error is displayed when a callback is made to the following URL after Google authentication.

https://dummy.com/auth/google_oauth2/callback?xxxxxxx&scope=email+https%3A%2F%2Fwww.googleapis.com&xxxxx

403 Forbidden Situation

403 Forbidden Situation

In the course of our investigation, we found that accessing URLs containing "://" as shown below, regardless of omniauth or Google login, results in similar errors.

(Non-encoded)
https://dummy.com/?a=https://
(encoding)
https://dummy.com/?a=https%3A%2F%2F

I am wondering if there is a security setting for the server that prohibits access including :// in the query parameters, but if you have any, could you please let me know?

There are no Rails or Nginx error logs or access logs for this issue.

environment

CentOS 7
Nginx
Rails

ruby-on-rails centos nginx security url

2022-09-30 13:55

1 Answers

As a result of the investigation, the problem was that the AWS WAF configuration blocked URLs containing ://.


2022-09-30 13:55

If you have any answers or tips


© 2023 OneMinuteCode. All rights reserved.