I had a Rails application with config.force_ssl = true, but now I don't want SSL encryption, but my app is still redirecting to https. I read this is an HTTP Strict Transport Security problem on Apache. How can I disable it?
Type iexplore.exe. On the Edit menu, click Modify. In the Value data box, type 1, and then click OK. Note: The valid values for the iexplore.exe subkey are 0 and 1. A value of 1 disables the feature, and 0 enables the feature.
Search for “hsts” using the search bar in the top-right corner of the screen. Double-click on security.mixed_content.use_hstsc to toggle the setting in order to disable HSTS on Firefox.
It's not a problem with Apache, but with the fact that Rails sends an HSTS header.
In Chrome, you can clear the HSTS state by going into about:net-internals, as described in ImperialViolet: HSTS UI in Chrome. You may also have to clear the cache, since config.force_ssl = true also uses a 301 (permanent) redirection.
In addition, according to this answer, you could also make your application send an STS header with max-age=0. In your controller:
response.headers["Strict-Transport-Security"] = 'max-age=0'
Just wanted to point out @Bruno's answer and @JoeVanDyk's suggestions are true and can be applied beyond the context of Rails/Apache. I'm using PHP and Nginx. PHP has nothing to do with it in my case, but here are the steps with Nginx:
    # sorry here's the nginx.conf part first, can't figure out how to mix multi-line
    # code with an ordered list
    server {
        #...
        #change:
        # add_header Strict-Transport-Security "max-age=315360000; includeSubdomains";
        #to:
        add_header Strict-Transport-Security "max-age=0;";
        #...
    }
1. clear your "browser history". To clarify on @JoeVanDyk's suggestion, I think you need to clear "browsing history" because clearing the cache didn't work for me (tested on Chrome/Firefox, please add comments if you know more).
2. nginx.conf file (see code above)
3. restart server: root@ip-xxx-xxx-xxx:~# /etc/init.d/nginx restart

After this, you can revert the nginx add_header Strict.. command to what you previously had. Just make sure you repeat steps 1-3 again.
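
The max-age=0 approach in both answers above relies on how a browser processes the header, so here is an added example (not code from either answer) that models it in Ruby: a parser for the header value following the RFC 6797 grammar and a small in-memory HSTS store. HstsStore, its method names and the host app.example are hypothetical; the point it shows is that a browser only acts on the header when it arrives over HTTPS, so max-age=0 has to be served while HTTPS is still reachable.

```ruby
# Parse a Strict-Transport-Security value following the RFC 6797 grammar.
# Returns { max_age: Integer, include_subdomains: Boolean }, or nil if invalid.
def parse_sts(value)
  directives = {}
  value.split(";").each do |part|
    part = part.strip
    next if part.empty?                     # empty directives are legal ("max-age=0;")
    name, val = part.split("=", 2).map(&:strip)
    name = name.downcase                    # directive names are case-insensitive
    return nil if directives.key?(name)     # a repeated directive invalidates the header
    directives[name] = val
  end
  age = directives["max-age"]&.delete('"')  # value may be a quoted-string
  return nil unless age&.match?(/\A\d+\z/)  # max-age is required
  { max_age: age.to_i, include_subdomains: directives.key?("includesubdomains") }
end

# Minimal model of a browser's HSTS store (hypothetical class, not a browser API).
class HstsStore
  def initialize
    @hosts = {}                             # host => expiry Time
  end

  # Apply one response. Returns :ignored, :stored or :removed.
  def observe(scheme, host, sts_value, now: Time.now)
    return :ignored unless scheme == "https"  # header over plain HTTP is ignored
    policy = sts_value && parse_sts(sts_value)
    return :ignored unless policy
    if policy[:max_age].zero?
      @hosts.delete(host)                   # max-age=0 removes the host from the store
      :removed
    else
      @hosts[host] = now + policy[:max_age]
      :stored
    end
  end

  # Would the browser rewrite http://host to https://host at time `now`?
  def upgrade?(host, now: Time.now)
    expiry = @hosts[host]
    !expiry.nil? && expiry > now
  end
end
```

If the site has already stopped answering on port 443, the :removed branch is never reached, which leaves clearing the browser's HSTS state by hand as the only option.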