Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Rails 3.1 ssl is used even if I disabled ssl?

I have added force_ssl in my ApplicationController, and deleted later, but now, every request is still prompted to https. I have tried to add config.force_ssl = false to all the configuration files in application.rb and environments/development.rb, etc., but it doesn't work. When I reboot the server, the requests are still converted to https. Any clue?

Updates: This happens only when I request the root of the application, e.g. http://localhost:3000/, however in my config/routes.rb file I have specified the url for the root clearly: root :to => 'home#index'

like image 950
Rn2dy Avatar asked Oct 26 '11 18:10

Rn2dy


1 Answers

You're seeing the effects of HTTP Strict Transport Security's max-age, which is set by Rack::SSL (which config.force_ssl = true sets up) to something high.

like image 63
yfeldblum Avatar answered Oct 26 '22 13:10

yfeldblum