Force_ssl in production.rb - how to override only http in the controller

In my production.rb, I have

config.force_ssl = true 

and would like to provide exceptions. It seems like this should work (can't find how to get back to 3.2.19):

    class ApiItemsController < ApplicationController
      force_ssl except: :get_item_test
    end

but this is not so. I saw Rails 3.2 force_ssl, with the exception of the landing page, but I really don't want to add gems for such a trivial thing. How do I make this work?



+5
2 answers

You cannot create custom exceptions using config.force_ssl = true because Rails uses rack-ssl, which sets the Strict-Transport-Security header. You probably don't want to disable this for landing pages, since Google now uses this as a ranking signal.

+2

@brad-werth is absolutely correct that the HSTS headers do this, which you probably don't want to do. But I still want to do it like this, here is what I found out:

In Rails 5 (according to ActionDispatch::SSL docs):

 config.ssl_options = { redirect: { exclude: -> request { request.path =~ /health_check/ } } } 

In Rails 4 (and some versions of Rails 3) you need to use a separate gem. Or, if it is possible to do what you need in the middleware, you can try something like this:

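    # config/environments/production.rb
    config.middleware.insert_before 'ActionDispatch::SSL', 'HealthCheck'

    # app/middleware/health_check.rb
    class HealthCheck
      def initialize(app)
        @app = app
      end

      def call(env)
        # PATH_INFO is the Rack-spec key for the request path;
        # REQUEST_PATH is only set by some servers.
        if env['PATH_INFO'] == '/health_check'
          # Answer directly, before ActionDispatch::SSL can redirect to HTTPS.
          [200, {}, []]
        else
          @app.call(env)
        end
      end
    end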

Some versions of Rails 3 reportedly support something like this:

 config.ssl_options = { exclude: proc { |env| env['PATH_INFO'].start_with?('/health_check')} } 

To answer the question, the config.force_ssl parameter in the environment is different from using force_ssl in the controller and it may not be that difficult.

+2
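
An added example (not from the original answers, and not the code of ActionDispatch::SSL or rack-ssl): a simplified stand-in redirect middleware, here called ForceSSL, showing how a path exemption behaves and why an unanchored pattern such as the /health_check/ regex above exempts more paths than an exact match. The class, the constants, the host example.test and the HSTS value are assumptions made for the illustration.

```ruby
# Added example: simplified stand-in for an HTTPS-redirect middleware.
# ForceSSL is hypothetical and is NOT ActionDispatch::SSL or rack-ssl.
class ForceSSL
  HSTS = 'max-age=31536000' # constructed sample value

  def initialize(app, exclude: ->(_env) { false })
    @app = app
    @exclude = exclude
  end

  def call(env)
    if env['rack.url_scheme'] == 'https'
      status, headers, body = @app.call(env)
      # HSTS is only sent on HTTPS responses; a browser that has seen it
      # upgrades later http:// requests itself, exempt path or not.
      return [status, headers.merge('Strict-Transport-Security' => HSTS), body]
    end
    return @app.call(env) if @exclude.call(env) # exempt path stays on HTTP

    location = "https://#{env['HTTP_HOST']}#{env['PATH_INFO']}"
    [301, { 'Location' => location }, []]
  end
end

APP = ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['ok']] }

# Unanchored pattern as in the answer's snippet vs. an exact-path match.
LOOSE  = ->(env) { env['PATH_INFO'] =~ /health_check/ }
STRICT = ->(env) { env['PATH_INFO'] == '/health_check' }

# Constructed Rack env for a request to example.test.
def env_for(path, scheme: 'http')
  { 'PATH_INFO' => path, 'HTTP_HOST' => 'example.test', 'rack.url_scheme' => scheme }
end

# Status code returned for a path over plain HTTP under an exclude rule.
def http_status(exclude, path)
  ForceSSL.new(APP, exclude: exclude).call(env_for(path)).first
end

if __FILE__ == $PROGRAM_NAME
  ['/health_check', '/items', '/admin/health_check_report'].each do |path|
    puts format('%-28s loose=%d strict=%d', path,
                http_status(LOOSE, path), http_status(STRICT, path))
  end
end
```

With the unanchored pattern, any path containing "health_check" is served over plain HTTP; the exact match keeps the exemption to the single endpoint.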

Source: https://habr.com/ru/post/1202261/

