config.force_ssl = true should set SSL application-wide and by default

If we apply the logic “specify as much as possible on the highest level possible”, then config.force_ssl = true should also set SSL for ActionMailer (and its url helpers), meaning application-wide and by default).

The following requirement should then be a thing of the past:`


config.action_mailer.default_url_options = {`

  protocol: 'https',

  host: ''
# production.rb
config.action_mailer.default_url_options = {
  protocol: 'https',
  host: ''

Hi Pete,

I don’t think it’s necessary to require SSL in development, so even if enabling SSL by default in production environments is a good idea (which I’m not convinced is necessary), I think requiring it in development is overkill, and makes the path to getting started on an app more complicated.

I do think there’s value in setting production pages to be SSL by default, but I don’t have a grasp of what percentage of folks are building apps that don’t require HTTPS.

  • Geoff

maybe there was a slight misunderstanding - I think SSL should be set application-wide once config.force_ssl = true is set.

Ah, I see what you mean now. Yeah, that seems reasonable.