Rails：激活SSL支持让Chrome感到困惑 [英] Rails: activating SSL support gets Chrome confused

问题描述

为Rails应用程序配置有一个很好的选择：

There is a nice option to config for the Rails app:

config.force_ssl = true

config.force_ssl = true

但是，似乎只是将其设置为true并不能使HTTPS连接正常工作。更多 - 在尝试（并且失败）与Chrome连接到 https：// localhost：3000 之后，我已经设置了这个选项为false，即使我写了http，Chrome仍然会尝试打开https。

However it seems that just putting that to true doesn't get the HTTPS connections working. Even more - after trying (and failing) to connect to https://localhost:3000 with Chrome, I've set this option to false, and Chrome still tries to open https, even if I write http.

所以，几个问题：

- 如何强制Chrome不再尝试https？
- 在我的Rails应用程序上启用SSL的正确方法是什么？

--How to force Chrome not to try https anymore? --What is the proper way of enabling SSL on my Rails app?

更新：该应用程序在Heroku上运行，似乎支持https自动化。我可以在本地测试SSL吗？就像运行rails服务器一样？

Update: The app is run on Heroku, and it seems that https is supported there automagically. Can I test SSL also locally? Like when running rails server?

推荐答案

首先，我应该说我没试过这个，但主要有两个可能Chrome仍然使用HTTPS的原因：

First, I should say that I haven't tried this, but there are mainly two possibly reasons for Chrome still using HTTPS:

• 使用 HTTP严格传输安全性标头：如果服务器设置它们，则客户端（支持HSTS，如Chrome）意味着坚持使用HTTPS来获取对该主机的所有后续请求。

• Using HTTP Strict Transport Security headers: if the server sets them, the client (supporting HSTS, like Chrome) is meant to stick to HTTPS for all subsequent requests to that host.

永久重定向。如果您获得的初始重定向是使用301 Moved Permanently（而不是302）进行重定向，^（*）浏览器是为了记住它（已为所请求的资源分配了一个新的永久URI和任何未来对此资源的引用应该使用其中一个返回的URI ）。

Permanent redirects. If the initial redirect you got was using "301 Moved Permanently" (and not 302 for example) to make the redirection,^(*) the browser is meant to remember it ("The requested resource has been assigned a new permanent URI and any future references to this resource SHOULD use one of the returned URIs").

一个可能的解决方案将清除浏览器中的缓存。

A likely solution to this would be to clear the cache in your browser.

（*） _{这个问题似乎表明这个配置是Ruby on Rails的情况。）}

(*) _{This question seems to indicate this is the case for Ruby on Rails with this config).}

这篇关于Rails：激活SSL支持让Chrome感到困惑的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！