Project

rack-ssl-cure

0.0
No commit activity in last 3 years
No release in over 3 years
rack-ssl-curepeppyheppy/rack-ssl-cureHomepageDocumentationSource CodeBug TrackerWiki
Cures the damange done by rack-ssl when it set the Strict-Transport-Security header to a year.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
17,204
Stars
1
Forks
0
Watchers
2
 Releases
Current version
0.0.1
Total releases
1
First release
2012-05-11
Latest release
2012-05-11
 Development
Primary Language
Ruby
Average date of last 50 commits
2012-05-11
Reverse Dependencies
0

 Dependencies

Development

rspec
= 2.6.0
 Project Readme

Rack::SSL sounded great, right? But now you have customers who are forced to use https and you may be experiencing issues from slows pages to redirect loops. The problem is that Rack::SSL sets a header that the browser stores for a year and causes the client to auto redirect to https independent of the app or the webserver configuration.

Read more here: http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02#page-12

All you have to do is:

Remove your Rack::SSL gem from the Gemfile and any configuration file including your config.ru if needed.

Add the following to the Gemfile:

  gem 'rack-ssl-cure', require: 'rack/ssl_cure'

Add the following to your config.ru:

  run Rack::SSLCure

Check any other configs. Deploy and watch your site speed up, and your customers smile.

TODO: Write the one test. :)