Following the guidance here, updated for Rails 3.2.x, I expected to be able to configure Rack::SSL to use the SSL filters only if an https:// prefix is included:
config.force_ssl = true
config.ssl_options = { :exclude => proc { |env| puts 'here? ' + env.to_s; env['HTTPS'] != 'on' } }
However, https works, where http fails with the following error:
[2012-10-29 15:37:03] ERROR OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv2/v3 read client hello A: http request
/Users/user/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/openssl/ssl-internal.rb:164:in `accept'
The diagnostic code inserted into the lambda is not executed. How can I configure Rack::SSL in Rails 3.2.x to respond to both HTTP and HTTPS?
Rails 3.2.8, WEBrick configured for SSL using a self-signed cert.
The ability to use the exclude option in the options hash has been removed as of May 2012 for some reason: https://github.com/rails/rails/pull/5515
The error I was seeing was a red herring. The exclude was being ignored and the http:// request was being redirected in ActionDispatch::SSL to https://. OpenSSL was then choking (I assume) because of the protocol mismatch.
The solution is to use the rack-ssl gem, as suggested here. This is essentially identical to ActionDispatch::SSL, except that the exclude option is still respected.
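
An added example, not part of the original answer and not the source of rack-ssl or ActionDispatch::SSL: a simplified stand-in middleware showing what an honoured `:exclude` proc does to enforcement. The class `SslEnforcer`, the sample requests and the `/health` path are assumptions; with the question's proc every plain-HTTP request skips the redirect, while a path-scoped proc keeps `/login` on HTTPS.

```ruby
# Simplified stand-in for an SSL-enforcing Rack middleware (hypothetical class,
# not the rack-ssl or ActionDispatch::SSL source). Needs no gems.
class SslEnforcer
  HSTS = { 'Strict-Transport-Security' => 'max-age=31536000' }.freeze

  def initialize(app, options = {})
    @app = app
    @exclude = options[:exclude]
  end

  def call(env)
    # The exclude proc is consulted first; a true result bypasses all enforcement.
    return @app.call(env) if @exclude && @exclude.call(env)

    if env['HTTPS'] == 'on'
      status, headers, body = @app.call(env)
      [status, HSTS.merge(headers), body]
    else
      location = "https://#{env['HTTP_HOST']}#{env['PATH_INFO']}"
      [301, { 'Content-Type' => 'text/html', 'Location' => location }, []]
    end
  end
end

# Constructed sample app and requests (Rack-style env hashes).
APP = proc { |_env| [200, { 'Content-Type' => 'text/plain' }, ['ok']] }
HTTP_REQ = { 'HTTPS' => 'off', 'HTTP_HOST' => 'example.test', 'PATH_INFO' => '/login' }.freeze
HTTPS_REQ = HTTP_REQ.merge('HTTPS' => 'on').freeze
HEALTH_REQ = HTTP_REQ.merge('PATH_INFO' => '/health').freeze

# The question's proc (diagnostic puts removed): true for every non-HTTPS request.
QUESTION_EXCLUDE = proc { |env| env['HTTPS'] != 'on' }
# A narrower exclusion limited to one constructed path.
NARROW_EXCLUDE = proc { |env| env['PATH_INFO'] == '/health' }

# Returns [status, headers] for one request under the given middleware options.
def outcome(options, env)
  status, headers, _body = SslEnforcer.new(APP, options).call(env)
  [status, headers]
end

if __FILE__ == $PROGRAM_NAME
  p outcome({ exclude: QUESTION_EXCLUDE }, HTTP_REQ) # served over plain HTTP
  p outcome({ exclude: NARROW_EXCLUDE }, HTTP_REQ)   # redirected to https://
end
```

With the question's proc, the excluded plain-HTTP responses also carry no HSTS header, so the only requests still enforced are the ones that already arrived over HTTPS.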