Rails 3.1 Force Regular HTTP

清歌不尽 2020-12-14 11:35

Previously, I had been using ssl_requirement to give us fine-grained control over which pages were served over SSL and which were served over plain HTTP.

According t

6 Answers
  •  庸人自扰
    2020-12-14 11:58

    Why would you ever want to force HTTP over HTTPS?

    A lot of us out here browse with SSL everywhere. Please don't put the rest of us at risk simply because you don't like helping us out with our own security.

    For most of us, security is important, even if most of us don't understand its importance or know how to obtain it. For some of us, security is life and death critical.

    Some pages must be served over SSL. Although, in my view, if any part of your site requires being served over SSL, then the entire site requires it (a MITM can change the link to the SSL page as it is rendered on the non-SSL page to point to a non-SSL proxy that the MITM controls). No page ever requires being served without SSL.
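
The answer's point that any page served without SSL lets an attacker on the path alter its links can be turned into a check. The following is an added example, not part of the original answer or of any Rails API: it audits captured responses for pages still served over plain HTTP, missing or short HSTS, and cookies that can travel unencrypted. The host `shop.example`, the sample responses and the 180-day threshold are constructed assumptions.

```ruby
require 'uri'

MIN_HSTS_AGE = 15_552_000 # 180 days; threshold chosen for this example (assumption)

# responses: array of { url:, status:, headers: { 'Name' => 'value' } }
# Returns [url, finding] pairs for every transport weakness found.
def audit_transport(responses)
  findings = []
  responses.each do |r|
    uri = URI.parse(r[:url])
    headers = r[:headers].each_with_object({}) { |(k, v), h| h[k.downcase] = v }
    cookie = headers['set-cookie']
    if uri.scheme == 'http'
      # A plain-HTTP URL is acceptable only as a redirect to an absolute https:// URL.
      location = headers['location']
      redirected = (300..399).cover?(r[:status]) && location &&
                   URI.parse(location).scheme == 'https'
      findings << [r[:url], :served_over_http] unless redirected
      findings << [r[:url], :cookie_set_over_http] if cookie
    else
      # HTTPS responses should pin the browser to HTTPS for future visits.
      hsts = headers['strict-transport-security']
      max_age = hsts && hsts[/max-age\s*=\s*"?(\d+)/i, 1]
      if max_age.nil?
        findings << [r[:url], :missing_hsts]
      elsif max_age.to_i < MIN_HSTS_AGE
        findings << [r[:url], :short_hsts]
      end
      # Without the Secure attribute the cookie is also sent on http:// requests.
      findings << [r[:url], :cookie_without_secure] if cookie && cookie !~ /;\s*secure\b/i
    end
  end
  findings
end

# Constructed sample: a site that mixes HTTP and HTTPS pages.
SAMPLE = [
  { url: 'http://shop.example/', status: 200, headers: { 'Content-Type' => 'text/html' } },
  { url: 'http://shop.example/login', status: 301,
    headers: { 'Location' => 'https://shop.example/login' } },
  { url: 'https://shop.example/login', status: 200,
    headers: { 'Set-Cookie' => 'sid=abc; HttpOnly' } },
  { url: 'https://shop.example/account', status: 200,
    headers: { 'Strict-Transport-Security' => 'max-age=31536000; includeSubDomains',
               'Set-Cookie' => 'sid=abc; Secure; HttpOnly' } }
].freeze

audit_transport(SAMPLE).each { |url, finding| puts "#{finding}: #{url}" }
```

The home page served over HTTP with a 200 is the finding that matters most here: it is the page whose link to the login form can be rewritten before the user ever reaches HTTPS.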
