config.force_ssl = true should set SSL application-wide and by default

Pete4 · July 28, 2014, 1:33pm

If we apply the logic “specify as much as possible on the highest level possible”, then config.force_ssl = true should also set SSL for ActionMailer (and its url helpers), meaning application-wide and by default).

The following requirement should then be a thing of the past:`

development.rb

config.action_mailer.default_url_options = {`

  protocol: 'https',

  host: '0.0.0.0:3000'
}
# production.rb
config.action_mailer.default_url_options = {
  protocol: 'https',
  host: 'mydomain.com'
}

Geoff_Harcourt · July 28, 2014, 2:13pm

Hi Pete,

I don’t think it’s necessary to require SSL in development, so even if enabling SSL by default in production environments is a good idea (which I’m not convinced is necessary), I think requiring it in development is overkill, and makes the path to getting started on an app more complicated.

I do think there’s value in setting production pages to be SSL by default, but I don’t have a grasp of what percentage of folks are building apps that don’t require HTTPS.

Geoff

Pete4 · July 28, 2014, 2:27pm

Hi, maybe there was a slight misunderstanding - I think SSL should be set application-wide once config.force_ssl = true is set.

Geoff_Harcourt · July 28, 2014, 2:29pm

Ah, I see what you mean now. Yeah, that seems reasonable.

Topic		Replies	Views
Rails 3.1.1 and ssl rubyonrails-talk	1	156	November 19, 2011
Global protocol setting for all url helpers? rubyonrails-talk	1	128	August 12, 2013
Developing with SSL rubyonrails-talk	2	132	March 12, 2007
Help setting up RoR SSL on Bluehost rubyonrails-talk	0	112	February 20, 2008
force any controller to use HTTPS - ssl_requirement for Rails 2.x app rubyonrails-talk	0	119	June 13, 2011

config.force_ssl = true should set SSL application-wide and by default

development.rb

Related topics

More Resources