Project

General

Profile

Refactor #30122

Tracker #28570: Rails 6.1 Tracker

Remove usage of force_ssl in controller

Added by Tomer Brisker about 2 years ago. Updated about 2 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Rails
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

`force_ssl` has been deprecated and will be removed in Rails 6.1:
https://github.com/rails/rails/commit/03351cd5410b3ad3d3e51f44ce60aa553ddeef14


Related issues

Related to Foreman - Refactor #34234: Do not warn on HTTP connection from Smart proxyClosed

Associated revisions

Revision 221d255d (diff)
Added by Ondřej Ezr 4 months ago

Fixes #30122 - remove usage of controller level force_ssl

Foreman's use case for HTTP-only is provisioning. Many installers, like Red
Hat's Anaconda or Debian Preseed, either do not support it or make it very hard
to use HTTPS. This is especially hard since often a custom CA is used so the
establishing the trust chain is hard.

Rails 6.1 drops support for controller level force_ssl. This implements our
use-case as options for the ssl middleware. Our use-case is valid, but it is
better to rely on supported features and not to pull a 3rd party gem.

This does not implement a mechanism for plugins to run HTTP-only. This is
because designing a good API proved to be hard and we didn't see a scenario
where it would be needed.

History

#1 Updated by The Foreman Bot 6 months ago

  • Assignee set to Ondřej Ezr
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/9011 added

#2 Updated by Ondřej Ezr 6 months ago

  • Related to Refactor #34234: Do not warn on HTTP connection from Smart proxy added

#3 Updated by The Foreman Bot 4 months ago

  • Fixed in Releases 3.3.0 added

#4 Updated by Ondřej Ezr 4 months ago

  • Status changed from Ready For Testing to Closed

#5 Updated by Amit Upadhye about 2 months ago

  • Subject changed from remove usage of force_ssl in controller to Remove usage of force_ssl in controller

Also available in: Atom PDF