Is Rails 3.1 ssl used even if I disabled ssl?

I added force_ssl to my ApplicationController and removed it later, but now every request is still being made over https. I tried adding config.force_ssl = false to all the configuration files (application.rb, environments/development.rb, etc.), but this does not work. When I restart the server, the requests are still converted to https. Any clue?

Update: This only happens when I request the root of the application, for example http://localhost:3000/. However, in the config/routes.rb file, I clearly indicated the URL for the root: root :to => 'home#index'

+6
5 answers

You are seeing the effects of the HTTP Strict Transport Security max-age, which Rack::SSL (which config.force_ssl = true sets up) sets to something high.

+11

In addition to reloading your application, you also need to clear your browser cache.

+3

For those who are still unclear, here is what I did to do the trick.

In application_controller.rb:

    before_filter :expire_hsts

    [...]

    private

    # Send max-age=0 so the browser expires its cached HSTS entry for this host
    def expire_hsts
      response.headers["Strict-Transport-Security"] = 'max-age=0'
    end

In production.rb

 config.force_ssl = false 

Clear the cache of your web browser and that's it!

+1
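
Why the redirect outlives the config change, as an added example (not code from any of the answers, from Rack::SSL, or from a browser): a small Ruby model of a browser-side HSTS store following the RFC 6797 rules. The class, the method names and the one-year max-age are constructed for illustration.

```ruby
# Constructed model of a browser's HSTS store (RFC 6797); all names are hypothetical.
class HstsStore
  Entry = Struct.new(:expires_at, :include_subdomains)

  def initialize
    @entries = {}
  end

  # Parse a Strict-Transport-Security value into [max_age, include_subdomains].
  # Returns nil when max-age is missing or malformed (the header is then ignored).
  def self.parse(value)
    directives = value.to_s.split(';').map { |d| d.strip.downcase }
    max_age = directives.map { |d| d[/\Amax-age\s*=\s*"?(\d+)"?\z/, 1] }.compact.first
    return nil unless max_age
    [max_age.to_i, directives.include?('includesubdomains')]
  end

  # Record the policy carried by one response. Only HTTPS responses count,
  # and a response without the header leaves the cached policy untouched.
  def note_response(scheme, host, header, now)
    return if scheme != 'https' || header.nil?
    max_age, subdomains = self.class.parse(header)
    return if max_age.nil?
    if max_age.zero?
      @entries.delete(host.downcase) # max-age=0 removes the cached policy
    else
      @entries[host.downcase] = Entry.new(now + max_age, subdomains)
    end
  end

  # Would http://host be rewritten to https:// before the request is sent?
  def upgrades?(host, now)
    labels = host.downcase.split('.')
    labels.each_index.any? do |i|
      entry = @entries[labels[i..-1].join('.')]
      entry && entry.expires_at > now && (i.zero? || entry.include_subdomains)
    end
  end
end

# Replays the thread's situation with constructed timestamps (seconds).
def hsts_demo
  store, day, out = HstsStore.new, 86_400, {}
  store.note_response('https', 'localhost', 'max-age=31536000', 0) # force_ssl on
  store.note_response('https', 'localhost', nil, day)              # force_ssl removed
  out[:after_removal] = store.upgrades?('localhost', day)
  store.note_response('http', 'localhost', 'max-age=0', day)       # ignored: not HTTPS
  out[:after_http_reset] = store.upgrades?('localhost', day)
  store.note_response('https', 'localhost', 'max-age=0', day)      # honoured
  out.merge(after_https_reset: store.upgrades?('localhost', day))
end
```

`hsts_demo` returns `true`, `true`, `false` for its three checkpoints: the policy only goes away once a `max-age=0` header arrives over HTTPS, or the entry is deleted by hand in the browser.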

yfeldblum is absolutely correct. Disabling it and making Chrome forget the header can be a pain.

Here is what I put in my config/application.rb:

 config.middleware.insert_before(Rack::Lock, Rack::SSL, hsts: false, exclude: proc { |env| !env['PATH_INFO'].start_with?('/manage') }) 

** note A: hsts: false - critical bit

** note B: I use 1.9, so the hash syntax may be different from yours.

Also, I had to open this URL in Chrome, chrome://net-internals/#hsts, and delete the domains that had this header set.

Fortunately, this did not make it to production, because Rack::SSL sets a very long expiration date for this header.

0

If you use the nginx option:

 proxy_set_header X-Forwarded-Proto https; 

then turn it off!

0

Source: https://habr.com/ru/post/900153/

