Rails 3.2 force_ssl Except on Landing Page

Rails 3.2 force_ssl except on landing page

The rack-ssl-enforcer gem will help you.


Force SSL for specific routes in Rails 3.1

I asked a similar question on Stack Overflow here and was told to use https://github.com/tobmatth/rack-ssl-enforcer. I haven't tried it out yet, but based on the README, it appears to solve your problem of conditionally enforcing SSL on certain routes.

skip/disable force_ssl for particular controller in rails

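    # Disables CSRF token verification for this controller; independent of force_ssl.
    skip_before_action :verify_authenticity_token
    # Redirect to HTTPS for every action except index and create.
    force_ssl except: [:index, :create]

It worked for me.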

force_ssl in production.rb - how to override in controller to just be http

You will not be able to make specialized exceptions using config.force_ssl = true because Rails uses rack-ssl, which sets the Strict-Transport-Security header. You probably don't want to disable this for landing pages, anyway, as Google now uses this as a ranking signal.

Disable force_ssl for specific controllers in Rails 5

You're using the global configuration method. This ensures SSL on every controller and every action. Switch to controller-based forcing.

You can either add it to every controller you want it in, or add it to the application controller and turn it off based on the controller/action combo. I like a case statement because it allows multiple options, but you can do what works best for your app.

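    class ApplicationController < ActionController::Base
      # Force SSL everywhere except the controller/action pairs matched in no_ssl?
      force_ssl unless: :no_ssl?

      private

      # Returns true for controller/action combinations that stay on plain HTTP.
      def no_ssl?
        case "#{params[:controller]} #{params[:action]}"
        when "parents index"
          true
        else
          false
        end
      end
    end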

force_ssl redirect loop on Rails 4 using CloudFlare SSL

This stopped happening when I switched from "flexible" to the "full" SSL setting in CloudFlare.

Why am I getting infinite redirect loop with force_ssl in my Rails app?

You're not forwarding any information about whether this request was an HTTPS-terminated request or not. Normally, in a server, the "ssl on;" directive will set these headers, but you're using a combined block.

Rack (and force_ssl) determines SSL by:

  • If the request came in on port 443 (this is likely not being passed back to Unicorn from nginx)
  • If ENV['HTTPS'] == "on"
  • If the X-Forwarded-Proto header == "HTTPS"

See the force_ssl source for the full story.

Since you're using a combined block, you want to use the third form. Try:

proxy_set_header X-Forwarded-Proto $scheme;

in your server or location block per the nginx documentation.

This will set the header to "http" when you come in on a port 80 request, and set it to "https" when you come in on a 443 request.
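The redirect loop described above, as an added example that is not part of the original answers and is not Rack's or Rails' source: a simplified Ruby model of the three checks and of a TLS-terminating proxy that speaks plain HTTP to the app server. The function names, the host `example.test` and the backend port 8080 are assumptions for illustration, and the header comparison is case-insensitive here.

```ruby
# Simplified model of the three checks listed above (hypothetical helper,
# not Rack's implementation). env uses CGI-style keys as a Rack app sees them.
def request_ssl?(env)
  return true if env["SERVER_PORT"].to_s == "443"
  return true if env["HTTPS"] == "on"
  env["HTTP_X_FORWARDED_PROTO"].to_s.downcase == "https"
end

# What a force_ssl-style filter does: serve HTTPS requests, redirect the rest.
def force_ssl_response(env)
  return [200, {}, "ok"] if request_ssl?(env)
  [301, { "Location" => "https://#{env["HTTP_HOST"]}#{env["PATH_INFO"]}" }, ""]
end

# Constructed request as it reaches the app behind the proxy. The proxy always
# connects to the backend over plain HTTP on port 8080 (assumed), so the only
# trace of the client's scheme is the forwarded header, when it is set.
def proxied_env(client_scheme, forward_proto:)
  env = { "SERVER_PORT" => "8080", "HTTP_HOST" => "example.test", "PATH_INFO" => "/login" }
  env["HTTP_X_FORWARDED_PROTO"] = client_scheme if forward_proto
  env
end

# Follow redirects the way a browser would.
# Returns [:ok, hops] when a 200 is reached, [:loop, max_hops] otherwise.
def follow(start_scheme, forward_proto:, max_hops: 5)
  scheme = start_scheme
  max_hops.times do |hop|
    status, headers, _body = force_ssl_response(proxied_env(scheme, forward_proto: forward_proto))
    return [:ok, hop] if status == 200
    scheme = headers["Location"][/\A[a-z]+/] # scheme of the redirect target
  end
  [:loop, max_hops]
end

# Header missing: the app never learns the client used HTTPS and keeps redirecting.
p follow("http", forward_proto: false)
# Header forwarded (proxy_set_header X-Forwarded-Proto $scheme): one redirect, then 200.
p follow("http", forward_proto: true)
```

nginx's proxy_set_header replaces any client-supplied value of the header on the upstream request, so the app sees the scheme nginx itself observed.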


