Rails: activating SSL support gets Chrome confused

Question

There is a nice option to config for the Rails app:

config.force_ssl = true

However it seems that just putting that to true doesn\'t get the HTTPS connection

Answer 1

First, I should say that I haven't tried this, but there are mainly two possibly reasons for Chrome still using HTTPS:

• Using HTTP Strict Transport Security headers: if the server sets them, the client (supporting HSTS, like Chrome) is meant to stick to HTTPS for all subsequent requests to that host.

• Permanent redirects. If the initial redirect you got was using "301 Moved Permanently" (and not 302 for example) to make the redirection,^(*) the browser is meant to remember it ("The requested resource has been assigned a new permanent URI and any future references to this resource SHOULD use one of the returned URIs").

A likely solution to this would be to clear the cache in your browser.

(*) _{This question seems to indicate this is the case for Ruby on Rails with this config).}