class ActionDispatch::AssumeSSL

Parent:
Object

Action Dispatch AssumeSSL

When proxying through a load balancer that terminates SSL, the forwarded request will appear as though it’s HTTP instead of HTTPS to the application. This makes redirects and cookie security target HTTP instead of HTTPS. This middleware makes the server assume that the proxy already terminated SSL, and that the request really is HTTPS.

Public Class Methods

new(app) Show source 
# File actionpack/lib/action_dispatch/middleware/assume_ssl.rb, line 14
def initialize(app)
  @app = app
end

Public Instance Methods

call(env) Show source 
# File actionpack/lib/action_dispatch/middleware/assume_ssl.rb, line 18
def call(env)
  env["HTTPS"] = "on"
  env["HTTP_X_FORWARDED_PORT"] = "443"
  env["HTTP_X_FORWARDED_PROTO"] = "https"
  env["rack.url_scheme"] = "https"

  @app.call(env)
end

© 2004–2021 David Heinemeier Hansson
Licensed under the MIT License.