Configurable redirect and secure cookies for ActionDispatch::SSL #22826

merged 1 commit into from Dec 31, 2015



timrogers commented Dec 29, 2015

The ActionDispatch::SSL middleware is enabled by the config.force_ssl option. It can be configured with config.ssl_options to customise the redirect when sending someone to an SSL version of their URL (e.g. host and port), and the precise header that should be used for HSTS, allowing advanced users to override the sensible defaults.

This PR provides a greater degree of configurability to the middleware, allowing the secure cookies functionality and the redirect to be turned off, but defaulting to leaving them on (which, to be sure, is the sensible and secure default).

This change provides more flexibility for those who want it (e.g. in our setup we handle the redirect in nginx, and would prefer Rails not to do it) with no cost in terms of backwards compatibility or ease of use.
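An added example, not part of the pull request or of Rails: when the redirect or secure cookies are handed to another layer such as nginx, a check like this confirms the deployed responses still provide them. The `Response` struct, the function names and the sample responses are constructed for illustration.

```ruby
# Audit what a deployment returns once Rails is no longer the layer that
# redirects to HTTPS or flags cookies as Secure.
# Response is a hypothetical shape: a status code plus a headers hash.
Response = Struct.new(:status, :headers)

# Case-insensitive header lookup. Values may be a String, an Array, or a
# newline-joined String holding several Set-Cookie values.
def header_values(resp, name)
  resp.headers.select { |k, _| k.casecmp?(name) }
      .values.flatten.flat_map { |v| v.to_s.split("\n") }
end

# Returns findings for the plain-HTTP and the HTTPS response of one URL.
def audit_tls_hardening(http_resp, https_resp)
  findings = []

  # 1. Plain HTTP must answer with a redirect to an https:// location.
  location = header_values(http_resp, "Location").first.to_s
  redirected = [301, 302, 307, 308].include?(http_resp.status)
  unless redirected && location.start_with?("https://")
    findings << "http request is not redirected to https"
  end

  # 2. Every cookie set over HTTPS must carry the Secure attribute.
  header_values(https_resp, "Set-Cookie").each do |cookie|
    name  = cookie.split("=", 2).first.strip
    attrs = cookie.split(";").drop(1).map { |a| a.strip.downcase }
    findings << "cookie #{name} lacks Secure" unless attrs.include?("secure")
  end

  # 3. The HSTS header should be present on the HTTPS response.
  if header_values(https_resp, "Strict-Transport-Security").empty?
    findings << "no Strict-Transport-Security header"
  end
  findings
end

# Constructed samples: the proxy redirects correctly, but one cookie is
# emitted without Secure because nothing in the stack flags it any more.
HTTP_SAMPLE  = Response.new(301, { "Location" => "https://app.example.test/login" })
HTTPS_SAMPLE = Response.new(200, {
  "Set-Cookie" => ["_session=abc123; path=/; HttpOnly", "theme=dark; path=/; secure"],
  "Strict-Transport-Security" => "max-age=31536000"
})

puts audit_tls_hardening(HTTP_SAMPLE, HTTPS_SAMPLE)
```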



rails-bot commented Dec 29, 2015

Thanks for the pull request, and welcome! The Rails team is excited to review your changes, and you should hear from @matthewd (or someone else) soon.

If any changes to this PR are deemed necessary, please add them as extra commits. This ensures that the reviewer can see what has changed since they last reviewed the code. Due to the way GitHub handles out-of-date commits, this should also make it reasonably obvious what issues have or haven't been addressed. Large or tricky changes may require several passes of review and changes.

Please see the contribution instructions for more information.

rafaelfranca added a commit that referenced this pull request Dec 31, 2015

Merge pull request #22826 from timrogers/actiondispatch-ssl-config
Configurable redirect and secure cookies for ActionDispatch::SSL

@rafaelfranca rafaelfranca merged commit 1f85e1c into rails:master Dec 31, 2015

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed



timrogers commented Dec 31, 2015

