Rails set protocol to always HTTP - ruby-on-rails

I am running a Rails app inside of Vagrant. I am trying to run my app in QA mode to reflect my deployment environment. I am doing SSL termination at the load balancer in my QA environment, so I'd like to be able to run my Rails app only over http, no https anywhere.
I am using Devise for user authentication. I can load my app just fine, but when I log in, devise always wants to redirect onto https. I can't seem to get it to behave differently. I've pinged the devise maintainers for help but they didn't have any insight to share.
I've tried setting config.force_ssl = false but that doesn't seem to make a difference.
I am running the app under Unicorn, proxying to nginx. Any insight would be appreciated!

I think adding something like thi to application.rb this might prevent the issue:
[
config.action_controller.default_url_options,
config.action_mailer.default_url_options,
Rails.application.routes.default_url_options,
Devise::Engine.routes.default_url_options,
Devise::Engine.config.action_controller.default_url_options
].each do |config|
config[:protocol] = "http#{'s' if Rails.env.production}"
end
In addition, you can override a variety of Devise controller methods, by subclassing them. So if you identify the cuplrit method, you can either a) solve the root cause, or b) subclass the controller, to use a workaround instead.

Related

ActiveAdmin taking wrong http method for update and destroy actions

Rails version - 5.2
Active admin version - 2.9.0
I have installed and configured active admin in my rails API application. Everything is working fine, except for the update, delete action of any controller, and logout of the admin user.
Here is my applicaiton.rb file
I have added method override in application.rb file though it is taking the POST request method for any update or delete request. It is working fine in my local even though it is taking POST request but when I deployed the code on the staging environment. I have found this thing. On my staging environment, that route is not present hence it is giving 404 error.
Below is the screenshot of the Update admin user request.
Can someone please help me to fix this issue?
I have finally fixed the issue. I am assuming the issue might be with my staging web server configuration otherwise it was working fine in my local in both the environments local and staging.
Post the answer here so it might help people in future.
By default the browser only supports for GET and POST requests. If we want to use any other request methods then we need to pass that request method in the parameter _method. You can read more about it here.
That wasn't happening in my case though i have added config.middleware.use Rack::MethodOverride in application.rb.
For resolving the issue, I have added the use Rack::MethodOverride in my config.ru file. It means before running the rails application it will use this method. I have added this code and that's it everything is working fine now.

405 not allowed nginx, CORS? Nginx config? Or something else?

Working on an app built using Ember.js and Rails.
Authentication is being done with ember-simple-auth using Oauth2.
I am able to login to my app locally in my development environment, but as soon as I try to login on my production server (through Heroku) I start receiving a nginx 405 not allowed status code.
First thing I thought was maybe it is my request headers / CORS. I am using rack-cors gem on my rails side and configured it based directly off the readme example. Here is my application.rb
Researching, I found the same problem with the solution being to configure Nginx side of things, but I figured since that is being handled by heroku I wasn't really sure if that was where I need to make my changes.
Let me know if there are any other files/info that could help.
What is the best way to debug this problem?
Try using this first to rule out CORS:
https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi
Does the route work locally when you use Postman or a similar tool?
Are you requesting HTML or JSON?

Prevent SSL on subdomains

I have my main app (Ruby on Rails) hosted with Heroku, DNS managed by DNSimple. It is served using SSL with a wildcard certificate. myapp.com and www.myapp.com, both work correctly.
The issue starts when I try and direct some subdomains to other services. For example I want blog.myapp.com to point to our instance of Ghost.org. I am also trying to point data.myapp.com to a different heroku app that we use for reporting purposes.
I don't need/want either of these subdomains to use SSL but it seems no matter what I try, that they try and fail to load the HTTPS version.
To be honest I'm confused where this is being triggered from. Where should I be altering the configuration. My Rails App, Heroku, DNSimple, the SSL cert, somewhere else entirely?
I have managed to solve this issue by clearing the browser cache on my machine.
I'm not sure what caused it to force SSL to begin with but the current configuration seems to be now be working.

Rails app using force_ssl on entire site when it shouldn't

Something has changed in my environment and I don't know why. I use SSL only for logging in through my sessions controller, which was working.
force_ssl :only => [:signin] unless Rails.env.development?
After logging in, a user is redirected to the home page, which should not be HTTPS. Now everything is be forced to SSL. In my production.rb file I set force_ssl to false, which it should be by default but that didn't resolve the problem.
I've also tried the solution posted here about using a protocol restraint in routes.rb which didn't work either.
Rails force ssl only on specified controllers
I've restarted nginx and unicorn several times but still forcing SSL. SSL is causing leafjs (map) not to work when my app tries to access its stylesheet and javascript from a remote location.
I could download them into my app but that wouldn't solve the forced_ssl problem.
My app is running on a DigitalOcean droplet, if that makes any difference.

Rails get production environment working with SSL on local machin

I am having trouble with my site with precompiled assets looking nothing like my site with assets served on-the-go. So I figured, I should try things out in production.
Here's the problem, when I do, I get:
!! Invalid request
in my terminal log and in my browser I see
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.
The graphic designer is not amused at the mess thats up right now, and I'd love to be able to reproduce the problem. Any ideas on how to get past this SSL issue?
The only way that I've ever been able to get sites implementing SSL working on my development box in production mode has been to set up Apache in front of my rails server (Webrick, or whatever). This is kind of a pain to set up, but it works. You should be able to find a guide on how to set it up using your exact configuration with a quick search. Another option would be to enable SSL via a configuration file, instead of by environment, so you could simply disable it regardless of your current environment. This is assuming everything else is actually correct and working...

Resources