Rails 3.2 force_ssl except on landing page
rack-ssl-enforcer gem will help you
Force SSL for specific routes in Rails 3.1
I asked a similar question on Stack Overflow here and was told to use https://github.com/tobmatth/rack-ssl-enforcer. I haven't tried it out yet, but based on the readme, it appears to solve your problem of conditionally enforcing SSL on certain routes.
skip/disable force_ssl for particular controller in rails
skip_before_action :verify_authenticity_token
force_ssl except: [:index,:create]
It worked for me.
force_ssl in production.rb - how to override in controller to just be http
You will not be able to make specialized exceptions using config.force_ssl = true because Rails uses rack-ssl, which sets the Strict-Transport-Security header. You probably don't want to disable this for landing pages, anyway, as Google now uses this as a ranking signal.
Disable force_ssl for specific controllers in Rails 5
You're using the global configuration method. This ensures SSL on every controller and every action. Switch to controller-based forcing.
You can either add it to every controller you want it in, or add it to the application controller and turn it off based on the controller/action combo. I like a case statement because it allows multiple options, but you can do what works best for your app.
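class ApplicationController < ActionController::Base
  # SSL is forced for every action unless no_ssl? returns true.
  force_ssl unless: :no_ssl?

  # Keyed on "controller action". As posted, every branch returns false,
  # so SSL is still forced everywhere; return true from a `when` branch
  # to exempt that controller/action combo.
  def no_ssl?
    case "#{params[:controller]} #{params[:action]}"
    when "parents index"
      return false
    else
      return false
    end
  end
end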
force_ssl redirect loop on Rails 4 using CloudFlare SSL
This stopped happening when I switched from "flexible" to the "full" SSL setting in CloudFlare.
Why am I getting infinite redirect loop with force_ssl in my Rails app?
You're not forwarding any information about whether this request was an HTTPS-terminated request or not. Normally, in a server, the "ssl on;" directive will set these headers, but you're using a combined block.
Rack (and force_ssl) determines SSL by:
- If the request came in on port 443 (this is likely not being passed back to Unicorn from nginx)
- If ENV['HTTPS'] == "on"
- If the X-Forwarded-Proto header == "HTTPS"
See the force_ssl source for the full story.
Since you're using a combined block, you want to use the third form. Try:
proxy_set_header X-Forwarded-Proto $scheme;
in your server or location block per the nginx documentation.
This will set the header to "http" when you come in on a port 80 request, and set it to "https" when you come in on a 443 request.
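The loop described in the answer above can be reproduced offline. The Ruby below is an added example, not code from the answer, from Rack or from Rails: `ssl_request?` is a simplified model of the three checks the answer lists, and the host name, path, upstream port 8080 and all method names are constructed for illustration.

```ruby
# Simplified model of the three checks listed above (not Rack's source).
# The header is compared case-insensitively; that is an assumption here.
def ssl_request?(env)
  env["SERVER_PORT"].to_s == "443" ||
    env["HTTPS"] == "on" ||
    env["HTTP_X_FORWARDED_PROTO"].to_s.downcase == "https"
end

# What a force_ssl-style filter does with that answer: serve or redirect.
def force_ssl(env)
  return [200, nil] if ssl_request?(env)
  [301, "https://#{env['HTTP_HOST']}#{env['PATH_INFO']}"]
end

# Constructed stand-in for nginx terminating TLS and proxying to the app
# over plain HTTP. The app only ever sees the upstream port, so the
# client's scheme reaches it solely through X-Forwarded-Proto.
def proxy_env(client_scheme, forward_proto:)
  env = {
    "HTTP_HOST"   => "example.test", # constructed sample host
    "PATH_INFO"   => "/login",       # constructed sample path
    "SERVER_PORT" => "8080"          # assumed upstream port
  }
  env["HTTP_X_FORWARDED_PROTO"] = client_scheme if forward_proto
  env
end

# Follow redirects the way a browser would and report the outcome.
def browse(start_scheme, forward_proto:, max_hops: 5)
  scheme = start_scheme
  max_hops.times do
    status, location = force_ssl(proxy_env(scheme, forward_proto: forward_proto))
    return :ok if status == 200
    scheme = location[/\A[a-z]+/] # scheme the client will use next
  end
  :redirect_loop
end

puts browse("http", forward_proto: false) # header missing: never satisfied
puts browse("http", forward_proto: true)  # one redirect, then served
```

Because the application trusts this header, it should only be reachable through the proxy that sets it.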