Rails: activating SSL support gets Chrome confused

逝去的感伤 2021-01-12 09:09

There is a nice option to config for the Rails app:

config.force_ssl = true

However, it seems that just putting that to true doesn't get the HTTPS connection

4 answers
  •  伪装坚强ぢ
    2021-01-12 09:28

    I had the same issue. What I did was use an SSL enforcer gem which adds a middleware that handles SSL and redirects. It has a strict option which enforces the configured protocols.

    In your Gemfile add:

    gem 'rack-ssl-enforcer'
    

    In production.rb add:

    config.middleware.use Rack::SslEnforcer, only: %r{your_regex_condition}, strict: true
    

    This will force the requested pages to be secured and the rest to be non-secured. It disables the HSTS header, which is problematic in Chrome (redirect caching issue).

    You can also expire the cache for all clients (if it already exists) to make sure you won't get an infinite redirect:

    config.middleware.use Rack::SslEnforcer, only: %r{your_regex_condition}, :hsts => { :expires => 1, :subdomains => false }
    

    Also remove the SSL enforcement in production.rb (otherwise it might conflict with this middleware):

    config.force_ssl = false
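
Added example (not part of the answer above, and not code from Rails or rack-ssl-enforcer): a small Ruby model of how a browser stores HSTS policies under RFC 6797, showing why `http://` requests keep being upgraded once the header has been seen and how a short or zero `max-age` ends that. The names `parse_hsts` and `HstsStore`, the host names and the header values are constructed for illustration.

```ruby
# Added example: minimal model of a browser's HSTS store (RFC 6797).
# Hosts, header values and all names here are constructed for illustration.

# Parse a Strict-Transport-Security value.
# Returns { max_age:, subdomains: } or nil when the header must be ignored.
def parse_hsts(value)
  return nil if value.nil?
  seen = {}
  value.split(";").map(&:strip).reject(&:empty?).each do |directive|
    name, arg = directive.split("=", 2).map(&:strip)
    name = name.downcase                     # directive names are case-insensitive
    return nil if seen.key?(name)            # a repeated directive invalidates the header
    seen[name] = arg
  end
  age = seen["max-age"].to_s.delete('"')     # the value may be a quoted string
  return nil unless age.match?(/\A\d+\z/)    # max-age is required and numeric
  { max_age: age.to_i, subdomains: seen.key?("includesubdomains") }
end

class HstsStore
  def initialize
    @policies = {} # host => { expires_at:, subdomains: }
  end

  # Record what a response said; the header only counts on HTTPS responses.
  def observe(host, scheme, header, now)
    return unless scheme == "https"
    policy = parse_hsts(header)
    return if policy.nil?
    if policy[:max_age].zero?
      @policies.delete(host)                 # max-age=0 drops the stored policy
    else
      @policies[host] = { expires_at: now + policy[:max_age], subdomains: policy[:subdomains] }
    end
  end

  # Would http://host be rewritten to https:// before any request is sent?
  def upgrade?(host, now)
    labels = host.split(".")
    labels.each_index.any? do |i|
      policy = @policies[labels[i..-1].join(".")]
      policy && policy[:expires_at] > now && (i.zero? || policy[:subdomains])
    end
  end
end
```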
    
