force_ssl causing problems in development

As part of my ongoing (and currently floundering!) effort to upgrade my app to Rails 3.2, I recently ditched the old plugin I was using to allow me to set ssl requirements for specific controller methods, and instead simply put the following statement in my config/application.rb file:

config.force_ssl = true

My goal here was to basically have all my pages use https instead of just the ones associated with login, registration, and payments. This seems to work ok in production (I’ve deployed this change to my staging instance which is running in production mode and each page shows https as desired.) But when I went to restart my development server locally just now, I got the following error message when I tried to access the app in the browser (Firefox):

An error occurred during a connection to localhost:3000.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)

The URL I’m being directed to is https://localhost:3000/login, so I’m assuming this error message reflects the fact that my development server (webrick) isn’t set up to handle SSL.

How can I have my app ignore SSL in development mode, as was the case before I instituted force_ssl = true? I tried putting force_ssl = false in config/environments/development.rb, thinking that would override the statement in application.rb, but no luck.

What’s the best way to approach this issue?


Dean Richardson

Hi @hikari17,

You’ll want to move the config.force_ssl = true out of application.rb and into any of the environments you want it in, probably just config/environments/production.rb and config/environments/staging.rb.

Let me know how that works for you, thanks!


That works flawlessly for Safari and Firefox in both development and production/staging, hooray! (I needed to clear my cache first to get it to work in Firefox.)



P.S.: Especially grateful for such a prompt reply on a weekend!