'What can be the reason for 'config.force_ssl = false' in rails app?
I found that config.force_ssl = false in config/application.rb, and nowhere it is defined as true, though the domain have SSL certificate. will there be any specific reason for setting it as false? or is there any alternate way to do the same?
Reference What does 'force_ssl' do in Rails?
Solution 1:[1]
SSL enables to have all the network request to your application using HTTPS.. So if config.force_ssl is set as true, then you need to have a SSL certificate and all your request will go through HTTPS
Solution 2:[2]
If your Rails application is behind a load balancer or other proxy, and that proxy is responsible for providing SSL/TLS (e.g. as described here for Nginx), then that proxy, not your Rails app, is responsible for ensuring HTTP requests are redirected to HTTPS, and your Rails app shouldn't have to think about SSL/TLS at all. In that case config.force_ssl should be false, even in production.
(In development and test it should also be false, because in those environments you don't want to have to mess with certificates etc. -- although it can be done if you really insist on it -- which is why that's what you're more likely to see in environment.rb, even if it's overridden in environments/production.rb.)
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Sumanth Madishetty |
| Solution 2 |