SSL breaking in Heroku with Cloudflare

software engineering Mar 3, 2020

I decided to put a 'real' URL to my side project which meant that I put it behind Cloudflare and turned on SSL for both CloudFlare and Heroku. However, I was running into an issue where the first symptom was that I was unable to log in. After some digging, I found the following error where I saw

HTTP Origin header (https://[my site name]) didn't match request.base_url (http://[my site name])

After some digging, I came across this article on github which then linked me to this blog entry.

The net result was simply:

  • Ensure you have SSL turned on in Heroku. This is now a paid tier
  • Turn on the SSL settings on Cloudflare to Full


Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.