Pages access control does not correctly detect HTTP vs HTTPS in proxy mode
When Pages is running behind NGINX, it doesn't correctly detect whether the request should be HTTP or HTTPS when redirecting to GitLab in the OAuth flow.
This is caused by the HTTPS detection in internal/auth/auth.go being faulty: https://gitlab.com/gitlab-org/gitlab-pages/blob/master/internal/auth/auth.go#L242
This helper method is used in
I think in this case (and possibly others), we should always redirect to the -auth-redirect-url as-is, rather than trying to detect the HTTPS status from the request.
If we can't do that, then at a minimum, we need to take account of the https boolean in ServeContent. This tells us whether the request was actually HTTPS, but through a proxy, whereas
We found this bug while looking into a customer issue: https://gitlab.zendesk.com/agent/tickets/116765 - combined with the pages_nginx['redirect_http_to_https'] = false parameter, it completely breaks access control for pages.
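
The failure mode described above, as an added example that is not code from gitlab-pages: a request forwarded by a TLS-terminating proxy carries no TLS state, so a check on the connection alone yields http. All function names, the host name and the use of X-Forwarded-Proto to derive the https flag are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// schemeFromTLS looks only at the connection to this process. Behind a
// TLS-terminating proxy r.TLS is nil even when the client used HTTPS.
func schemeFromTLS(r *http.Request) string {
	if r.TLS != nil {
		return "https"
	}
	return "http"
}

// schemeFromFlag uses an https flag decided by the listener that accepted
// the request (hypothetical stand-in for the boolean mentioned in the issue).
func schemeFromFlag(https bool) string {
	if https {
		return "https"
	}
	return "http"
}

// proxyHTTPS derives that flag from X-Forwarded-Proto. Only a listener that
// is reachable solely by the proxy should trust this client-settable header.
func proxyHTTPS(r *http.Request) bool {
	return r.Header.Get("X-Forwarded-Proto") == "https"
}

// requestURL rebuilds the URL the client originally asked for.
func requestURL(scheme string, r *http.Request) string {
	return scheme + "://" + r.Host + r.URL.RequestURI()
}

// proxiedRequest is a constructed request shaped like one forwarded by NGINX:
// plain HTTP to the backend, original scheme recorded in a header.
func proxiedRequest() *http.Request {
	r := httptest.NewRequest("GET", "/project/", nil)
	r.Host = "group.pages.example" // constructed host name
	r.Header.Set("X-Forwarded-Proto", "https")
	return r
}

func main() {
	r := proxiedRequest()
	fmt.Println("TLS check only:", requestURL(schemeFromTLS(r), r))
	fmt.Println("listener flag: ", requestURL(schemeFromFlag(proxyHTTPS(r)), r))
}
```
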