Website is redirected to "https" in Firefox (it is normal in other browsers) - ruby-on-rails

I opened my website in Firefox, but because of something wrong with my website, the URL is force-redirected to https (I think this is because I wrote config.force_ssl = true in a Ruby on Rails application).
But after I redeployed another Ruby on Rails application, Firefox still force-redirects to https. How can I make Firefox not redirect to https?

This is a browser caching issue.
Rails redirects to the HTTPS site using HTTP status 301 (Moved Permanently); the redirect is cached by Firefox.
Because the host is always localhost, Firefox cannot differentiate between the individual Rails applications.
To resolve this problem, try emptying the cache and/or use private browsing mode for testing.
I don't know about Firefox, but in Chrome there's the option to completely deactivate caching for as long as the dev tools are open.

Try to clear the cache. Firefox may remember HTTP 302 - redirect permanently, and it does not know when you are using a different Rails application (as you probably run both on localhost:3000).

Related

How to load pages only on https even an http request

I followed the steps here: https://gridscale.io/en/community/tutorials/iis-redirect-http-to-https-windows/
and everything looks the way it should to me. If I go to my site with 'https://' the site loads normally, but if I try to go to the site with 'http://', instead of rewriting the URL, the site does not load. I confirmed that I am using IIS 10 and it is on Windows Server 2016. How can I make the server load http requests over https?

Jenkins defaults to https on Firefox and Chrome but not IE

Jenkins was working fine on Firefox until a couple of weeks back.
http://www.sub.domain.com:8080
Then I think there was a Firefox update and by default it was redirecting to
https://www.sub.domain.com:8080
There was no way I could force it to http.
So I went on Chrome and it worked there until this morning when I got the Chrome 77 update.
Same issue all over again.
Then I loaded it up on IE. It works fine. I am able to use
http://www.sub.domain.com:8080
I checked with the admin if they are redirecting all traffic to https but that's not the case. What's happening here? Any browser change that I am not aware of? Any Jenkins config change that I should be using?
Did you check the HSTS cache in Chrome? Go to chrome://net-internals/#hsts
Query the HSTS cache there. If there is a result, you can clear it using the delete option on that page.
Another thing to check is if you're using the Jenkins HSTS filter plugin "which adds a response header indicating that HTTP Strict Transport Security (HSTS) response headers should be sent." See https://wiki.jenkins.io/display/JENKINS/HSTS+Filter+Plugin

Uncaught DOMException

Migrating my website to a secure server, a frame is being blocked by browsers because of a security issue which doesn't happen on my existing website, which is hosted on an http server. Google Chrome Developer Console screenshot: https://i.stack.imgur.com/wQkpr.jpg
The page should load a calendar, but it does not do so.
I'm not a coding expert, and don't know how to resolve this. The issue happens when loading this page:
Page which generates DOMException
However, the site under development is hosted on a non-public server. In order to access it, the hosts file on a Windows platform would need to have this code added: 199.168.187.45 mauitradewinds.com www.mauitradewinds.com secure.mauitradewinds.com m.mauitradewinds.com
Without adding that code to the hosts file, a browser would be redirected to my existing http site, which is not where the issue is happening.
I'd be grateful for guidance on how to eliminate this frame blocking.
My guess is you have a protocol conflict between your iframe and your main page.
Your main page is accessing through http and the iframe through https.
Your existing website most probably has a redirect from http to https which is why the issue is not happening on the existing site.
A web developer solved this by observing that adding www to the URL would prevent the DOMException, and allow page frame content to load.

How to stop localhost http://localhost from switching to https://localhost

I am writing a web application, and http://localhost:3000 is redirecting to https://localhost:3000
This was not happening a month ago when I finished writing two other applications. I went from working with Sinatra to Rails in the past month, although I have worked with Rails prior without any of these issues.
What can I do to stop this forced switching??
This is probably due to your browser: because you have accessed the app at the HTTPS address, it will automatically switch to the HTTPS version of the site.
Here you have more information for Firefox, but the solution is to change the settings and set browser.urlbar.autoFill to false. Another option could be to clear the History.

Rails: activating SSL support gets Chrome confused

There is a nice option to config for the Rails app:
config.force_ssl = true
However it seems that just putting that to true doesn't get the HTTPS connections working. Even more - after trying (and failing) to connect to https://localhost:3000 with Chrome, I've set this option to false, and Chrome still tries to open https, even if I write http.
So, couple of questions:
--How to force Chrome not to try https anymore?
--What is the proper way of enabling SSL on my Rails app?
Update: The app is run on Heroku, and it seems that https is supported there automagically. Can I test SSL also locally? Like when running rails server?
First, I should say that I haven't tried this, but there are mainly two possible reasons for Chrome still using HTTPS:
Using HTTP Strict Transport Security headers: if the server sets them, the client (supporting HSTS, like Chrome) is meant to stick to HTTPS for all subsequent requests to that host.
Permanent redirects. If the initial redirect you got was using "301 Moved Permanently" (and not 302 for example) to make the redirection (*), the browser is meant to remember it ("The requested resource has been assigned a new permanent URI and any future references to this resource SHOULD use one of the returned URIs").
A likely solution to this would be to clear the cache in your browser.
(*) This question seems to indicate this is the case for Ruby on Rails with this config.
I had the same issue. What I did was use an SSL enforcer gem which adds a middleware that handles SSL and redirects. It has a strict option which enforces the configured protocols.
In your Gemfile add:
gem 'rack-ssl-enforcer'
In production.rb add:
config.middleware.use Rack::SslEnforcer, only: %r{your_regex_condition}, strict: true
This will force the requested pages to be secured and the rest to be non-secured. It disables the HSTS header, which is problematic in Chrome (redirect caching issue).
You can also expire the cache for all clients (if it already exists) to make sure you'll not get an infinite redirect:
config.middleware.use Rack::SslEnforcer, only: %r{your_regex_condition}, :hsts => { :expires => 1, :subdomains => false }
Also remove the SSL enforcement in production.rb (otherwise it might conflict with this middleware):
config.force_ssl = false
Let's see what happened once you updated your config file with:
config.force_ssl = true
This has caused Rack SSL Middleware to be loaded as the first middleware. As you can see in the code, Rack SSL sets an HSTS header by adding this line to the headers:
Strict-Transport-Security
It tells supported browsers such as Chrome to use HTTPS only to access your website.
So once you set back:
config.force_ssl = false
Chrome will still use HTTPS to access your website and cause an error.
To solve this problem, you need to empty the HSTS cache. You can do that by going to the following URL in your Chrome browser:
chrome://net-internals/#hsts
Open your Chrome Developer Tools when you're at localhost. Then you can right-click the refresh button ↻ and select "Empty cache and hard reload".
This error might also happen to you if you start your server in the production environment, where HSTS is enabled.
Chrome redirects you to https://localhost:3000/ and says "SSL connection error".
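
The answers above name two separate mechanisms that keep a browser on HTTPS after config.force_ssl is switched off: a cached permanent redirect and an HSTS entry. The following Ruby script is an added example, not code from any of the posts or from Rails; it classifies a response by which of the two it would trigger. The function names and the sample responses are constructed for illustration.

```ruby
# Added example: sample responses are constructed, not captured from a real server.

# Parse a Strict-Transport-Security value; nil if absent or without a valid max-age.
def parse_hsts(value)
  return nil if value.nil?
  directives = value.split(';').map { |d| d.strip.downcase }
  max_age = directives.map { |d| d[/\Amax-age\s*=\s*"?(\d+)"?\z/, 1] }.compact.first
  return nil if max_age.nil?
  { max_age: max_age.to_i, include_subdomains: directives.include?('includesubdomains') }
end

# Simplified HTTP caching rule: 301/308 are cacheable by default, other redirects
# only with an explicit positive max-age; no-store always wins.
def redirect_cacheable?(status, cache_control)
  cc = cache_control.to_s.downcase
  return false if cc.include?('no-store')
  explicit = cc[/max-age=(\d+)/, 1]
  return explicit.to_i.positive? if explicit
  [301, 308].include?(status)
end

# scheme: scheme of the request ('http' or 'https'); headers: lower-cased names.
def sticky_https_causes(scheme, status, headers)
  causes = []
  upgrade = scheme == 'http' && (300..399).cover?(status) &&
            headers['location'].to_s.start_with?('https://')
  causes << :cached_redirect if upgrade && redirect_cacheable?(status, headers['cache-control'])
  hsts = parse_hsts(headers['strict-transport-security'])
  # Browsers ignore HSTS headers received over plain HTTP (RFC 6797, section 8.1).
  if hsts && scheme == 'https'
    causes << (hsts[:max_age].zero? ? :hsts_cleared : :hsts_pinned)
  end
  causes
end

SAMPLES = [
  ['http',  301, { 'location' => 'https://localhost:3000/' }],
  ['http',  302, { 'location' => 'https://localhost:3000/' }],
  ['https', 200, { 'strict-transport-security' => 'max-age=31536000; includeSubDomains' }],
  ['https', 200, { 'strict-transport-security' => 'max-age=0' }]
].freeze

SAMPLES.each do |scheme, status, headers|
  puts "#{scheme} #{status} -> #{sticky_https_causes(scheme, status, headers).inspect}"
end
```

A cached redirect is stored per URL and an HSTS entry per host name without the port, so either one carries over to any other application later served from the same localhost address. A :cached_redirect result is cleared by emptying the browser cache, while :hsts_pinned needs the HSTS entry deleted or a max-age=0 header served over HTTPS.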
