Rails: activating SSL support gets Chrome confused

Question

There is a nice option to config for the Rails app:

config.force_ssl = true

However it seems that just putting that to true doesn\'t get the HTTPS connection

Answer 1

Let's see what happened once you updated your config file with:

config.force_ssl = true

This has caused Rack SSL Middleware to be loaded as the first middleware. As you can see in the code, Rack SSL sets an HSTS header by adding this line to the headers :

Strict-Transport-Security

It tells supported browsers such as Chrome to use HTTPS only to access your website.

So once you set back :

config.force_ssl = false

Chrome will still uses HTTPS to access your website and causes an error.

To solve this problem, you need to empty the HSTS cache. You can to that by going to the following url in your chrome browser : chrome://net-internals/#hsts