Menu
in my production.rb, I have
config.force_ssl = true
and would like to provide exceptions. It looks like this should work (can't find how to get back to 3.2.19):
class ApiItemsController < ApplicationController
force_ssl except: :get_item_test
but it doesn't. I've seen Rails 3.2 force_ssl except on landing page but really don't want to be adding gems for such a trivial thing. How do I get this to work?
869
@brad-werth is totally right that HTS headers make this something you probably don't want to do. But I keep wanting to do it anyway so here's what I've learned:
On Rails 5 (according to the ActionDispatch::SSL docs ):
config.ssl_options = { redirect: { exclude: -> request { request.path =~ /health_check/ } } }
In Rails 4 (and some Rails 3 versions) you have to use a separate gem. Or if it's possible to do what you need in a middleware you could try something like this:
# config/environments/production.rb
config.middleware.insert_before 'ActionDispatch::SSL', 'HealthCheck'
# app/middleware/health_check.rb
class HealthCheck
def initialize(app)
@app = app
end
def call(env)
if env['REQUEST_PATH'] == '/health_check'
return [200, {}, []]
else
@app.call(env)
end
end
end
Some versions of Rails 3 reportedly support something like this:
config.ssl_options = { exclude: proc { |env| env['PATH_INFO'].start_with?('/health_check')} }
To answer the actual asked question the config.force_ssl setting in the environment is quite different from using force_ssl in a controller and can't be overriden that way.
152
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
