This repository has been archived by the owner on Dec 13, 2023. It is now read-only.

Properly tell Rails that a request is (or is not) SSL #34

Open. Wants to merge 1 commit into base: master.

jjulian commented Dec 22, 2014

When hosting on Heroku, the Heroku router sets X-Forwarded-Proto to the protocol used by the immediate connection (from Fastly). If it's https, then Rails will never know if a browser connects insecurely. If it's http, then Rails will think every connection is insecure, even when the browser connection to Fastly is over https.

This Rack middleware fixes that by setting the proper headers based on the Fastly-SSL header. The fixes are only applied if the connection appears to be from Fastly.

  • set HTTPS=on
  • set X-Forwarded-Proto=https
  • remove other ambiguous headers

jjulian commented Apr 2, 2016

Note that this is totally optional behavior, only used if the user inserts the middleware into their Rails stack.
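
The header rewriting described in the first comment, as an added example that is not the code from this pull request. The class name, the default "request came through Fastly" check (presence of Fastly-Client-IP), the treatment of any non-empty Fastly-SSL value as TLS, and the handling of the non-TLS case are assumptions.

```ruby
# Added example: a Rack middleware sketch, not the code from this pull request.
class FastlySslHeaders
  # Other headers Rack consults when deciding whether a request is HTTPS.
  AMBIGUOUS = %w[HTTP_X_FORWARDED_SSL HTTP_X_FORWARDED_SCHEME].freeze

  # from_fastly: callable(env) -> true/false. The default (presence of
  # Fastly-Client-IP) is an assumption; a client that can reach the origin
  # directly can forge it, so pass a check the origin can actually trust.
  def initialize(app, from_fastly: ->(env) { env.key?('HTTP_FASTLY_CLIENT_IP') })
    @app = app
    @from_fastly = from_fastly
  end

  def call(env)
    normalize!(env) if @from_fastly.call(env)
    @app.call(env)
  end

  private

  def normalize!(env)
    AMBIGUOUS.each { |name| env.delete(name) }
    # Assumption: Fastly sends a non-empty Fastly-SSL only on TLS client connections.
    if env['HTTP_FASTLY_SSL'].to_s.empty?
      env.delete('HTTPS')
      env['HTTP_X_FORWARDED_PROTO'] = 'http'
    else
      env['HTTPS'] = 'on'
      env['HTTP_X_FORWARDED_PROTO'] = 'https'
    end
  end
end

# Constructed sample: the router reports http although the browser used TLS to Fastly.
if $PROGRAM_NAME == __FILE__
  app = ->(env) { [200, {}, [env['HTTP_X_FORWARDED_PROTO']]] }
  env = { 'HTTP_FASTLY_CLIENT_IP' => '203.0.113.7', 'HTTP_FASTLY_SSL' => '1',
          'HTTP_X_FORWARDED_PROTO' => 'http' }
  puts FastlySslHeaders.new(app).call(env).last.first
end
```

Requests that fail the `from_fastly` check pass through with their headers untouched, so the origin still needs its own control over who may reach it directly.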
