I'm working on a Rails 3.1.0 app that needs to have ssl in some pages depending on the user.
I setted config.force_ssl to false in config/enviroments/staging.rb. Added a before filter that decides whether or not to redirect to http. The redirect works in development if I clean the cache.
The thing is in staging, it results in a redirect loop. I believe that force_ssl uses a permanent redirect, therefore when the DNS is asked about a page in my app, it still tries to redirect to the page with ssl. Does this make any sense?
What are my options?
EDIT
I cleaned the cache. This only solves the problem the first time I enter the page. Lets say I refresh all cache and enter the http page. This displays the http page. When I exit the page, enter another page that has ssl and try to go back to the http page, the infinite redirect starts again.
The solution I implemented was to redirect to a unsafe subdomain. Let's call it 'unsafe'. So when I need to redirect to a http page, I redirect to http://unsafe.mydomain.com. This solves the infinite redirect, but some https pages are still being cached.
I guess the real question is when is it useful to use :status => :moved_permanently because It seems it causes the page to cache and it becomes dificult to clean this cache?
Firstly, why are you not just forcing SSL for all pages? There is very little performance overhead but running in mixed mode you introduce a the potential of leaking what you thought were secure cookies if you're not careful. SSL everywhere :)
Now to your question, I doubt this has anything to do with DNS and is more likely to do with the regex of pattern matching logic around when it should redirect. Does it include the hostname/domain? If so does it match the domain you run as in staging?
来源:https://stackoverflow.com/questions/10420976/how-to-remove-infinite-redirect-loop-after-i-set-force-ssl-to-false-in-heroku