Handling SSL termination, passing appropriate headers #293

Answered by jmonteiro
hstaab asked this question in Q&A
If you're on Rails 7.0, you can simply inject Rails 7.1's assume_ssl middleware on your own.

Create a config/initializers/assume_ssl.rb with:

```ruby
# When proxying through a load balancer that terminates SSL, the forwarded request will appear
# as though it's HTTP instead of HTTPS to the application. This makes redirects and cookie
# security target HTTP instead of HTTPS. This middleware makes the server assume that the
# proxy already terminated SSL, and that the request really is HTTPS.
class AssumeSSL
  def initialize(app)
    @app = app
  end

  def call(env)
    env["HTTPS"] = "on"
    # Rack requires header values in env to be strings, so the port is "443", not 443.
    env["HTTP_X_FORWARDED_PORT"] = "443"
    env["HTTP_X_FORWARDED_PROTO"] = "https"
    env["rack.url_scheme"] = "https"

    # Hand the rewritten env to the next middleware in the stack.
    @app.call(env)
  end
end
```

Answer selected by hstaab
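
The `AssumeSSL` middleware above marks every request as HTTPS, including one that reaches the app server without passing through the load balancer. The variant below is an added example, not code from the answer or from Rails: it sets the HTTPS markers only when the peer address is in a trusted proxy range. The class name `AssumeSSLFromProxy`, the `TRUSTED_PROXIES` ranges, `ENV_PROBE` and the `env_seen` helper are assumptions made for illustration.

```ruby
require "ipaddr"

# Constructed placeholder ranges; substitute the load balancer's real addresses.
TRUSTED_PROXIES = [IPAddr.new("10.0.0.0/8"), IPAddr.new("127.0.0.1/32")].freeze

# Hypothetical variant of AssumeSSL: trusts only requests relayed by the proxy.
class AssumeSSLFromProxy
  def initialize(app, trusted: TRUSTED_PROXIES)
    @app = app
    @trusted = trusted
  end

  def call(env)
    if from_trusted_proxy?(env)
      env["HTTPS"] = "on"
      env["HTTP_X_FORWARDED_PORT"] = "443"
      env["HTTP_X_FORWARDED_PROTO"] = "https"
      env["rack.url_scheme"] = "https"
    else
      # The request bypassed the proxy: discard forwarding headers supplied by
      # the client so it cannot claim to have arrived over HTTPS.
      env.delete("HTTP_X_FORWARDED_PROTO")
      env.delete("HTTP_X_FORWARDED_PORT")
    end
    @app.call(env)
  end

  private

  def from_trusted_proxy?(env)
    peer = IPAddr.new(env["REMOTE_ADDR"].to_s)
    @trusted.any? { |net| net.include?(peer) }
  rescue IPAddr::Error
    false # a missing or malformed peer address is never trusted
  end
end

# Constructed downstream app that hands back the env it received.
ENV_PROBE = ->(env) { [200, { "content-type" => "text/plain" }, [env]] }

# Runs one constructed request through the middleware and returns the env
# that the rest of the stack would see.
def env_seen(remote_addr, extra = {})
  env = { "REMOTE_ADDR" => remote_addr, "rack.url_scheme" => "http" }.merge(extra)
  AssumeSSLFromProxy.new(ENV_PROBE).call(env).last.first
end
```

In a Rails initializer the class would be registered with `Rails.application.config.middleware.insert_before 0, AssumeSSLFromProxy`, so that it sees the raw peer address before any other middleware reads the scheme.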