Previously, I had been using ssl_requirement to give us fine grained control over which

Question

0

Asked: May 25, 20262026-05-25T20:16:18+00:00 2026-05-25T20:16:18+00:00

Previously, I had been using ssl_requirement to give us fine grained control over which

0

Previously, I had been using ssl_requirement to give us fine grained control over which pages were served over ssl and which were served over plain http.

According to the ssl_requirement’s own wiki, it has been superseded by rails 3.1’s Force SSL. However this does not seem to be the case. Force SSL doesn’t seem to expose an option to go in the opposite direction, there is no way to force a page to sent via regular http.

What is the correct Rails 3.1 way to force a page to be displayed in plain http? Does Force SSL truly supersede ssl_requirement?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-25T20:16:19+00:00

Editorial Team

2026-05-25T20:16:19+00:00Added an answer on May 25, 2026 at 8:16 pm

The code for Force SSL is pretty easy to read.

https://github.com/rails/rails/blob/master/actionpack/lib/action_controller/metal/force_ssl.rb

It doesn’t seem to do the reverse and force http to be used. It provides the only and except options to control which actions and controllers SSL is to be required for, but doesn’t provide a way to force HTTP to be used instead of https.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Previously, I had been using ssl_requirement to give us fine grained control over which

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply