This project is archived and is in readonly mode.
request.ssl? should reflect rack.url_scheme
Reported by Steven Parkes | October 1st, 2010 @ 10:38 PM
Thin will set env["rack.url_scheme"] = "https" for SSL connections but the request object in Rails doesn't reflect this. It should, shouldn't it?
Comments and changes to this ticket
-
David Trasbo October 8th, 2010 @ 10:14 AM
- State changed from “new” to “invalid”
- Importance changed from “” to “Low”
The
ssl?method was removed in http://github.com/rails/rails/commit/50215f9525b6b5e3bfe703724b9f68... - I posted a comment asking why because other methods in the same module seems to depend on it. There might be a perfectly good reason, so I'm marking this as invalid for now. -
-
José Valim October 8th, 2010 @ 10:21 AM
Steven, this is the way both Rack and Rails check if a connection is using SSL:
http://github.com/rack/rack/blob/master/lib/rack/request.rb#L269
Not sure why Thin sets
env["rack.url_scheme"] = "https"maybe you can point to somewhere in the rack specification? -
José Valim October 8th, 2010 @ 10:22 AM
- State changed from “invalid” to “open”
- Assigned user set to “José Valim”
Hrm, actually after looking at Rack tests, I've noticed they indeed check for both "HTTPS" and "rack.url_scheme". I will check with Rack maintainers.
http://github.com/rack/rack/blob/master/test/spec_mock.rb#L106
-
Steven Parkes October 8th, 2010 @ 01:59 PM
Thanks, José. I suggested the patch for Thin based on ... something I saw? Can't remember where I first saw rack.url_scheme. Might have been the rack tests. Maybe Sinatra?
Anyway, once we know what's "right", I can try to make sure Thin follows suit.
Thanks!
-
José Valim October 8th, 2010 @ 02:01 PM
Both are valid! Can you provide a patch for Rails 3-0-stable? I will fix it in rack. :)
-
Steven Parkes October 8th, 2010 @ 02:18 PM
What's the rack fix? Request#ssl? looking at env["rack.url_scheme"] instead of env["HTTPS"] and env["HTTP_X_FORWARDED_PROTO"]?
Now that I'm a little more awake, rack.url_scheme is in the spec, but HTTPS and HTTP_X_FORWARDED_PROTO aren't. My interpretation is that rack clients should only look at rack.url_scheme or Request#ssl? and leave the HTTPS/HTTP_X_FORWARDED_PROTO to the rack container?
-
-
Santiago Pastorino February 9th, 2011 @ 12:31 AM
This issue has been automatically marked as stale because it has not been commented on for at least three months.
The resources of the Rails core team are limited, and so we are asking for your help. If you can still reproduce this error on the 3-0-stable branch or on master, please reply with all of the information you have about it and add "[state:open]" to your comment. This will reopen the ticket for review. Likewise, if you feel that this is a very important feature for Rails to include, please reply with your explanation so we can consider it.
Thank you for all your contributions, and we hope you will understand this step to focus our efforts where they are most helpful.
-
Santiago Pastorino February 9th, 2011 @ 12:31 AM
- State changed from “open” to “stale”
-
Craig April 20th, 2011 @ 12:08 PM
I believe this is still an issue in Rails, at least up to 3.0.7.
Looking at url.rb (https://github.com/rails/rails/blob/3-0-7/actionpack/lib/action_dis...) you can see that the "ssl?" method doesn't take into account the "rack.url_scheme" environment setting (available through request.env['rack.url_scheme'].
However, as mentioned before, the 3.0.7 tests still use it: https://github.com/rails/rails/blob/3-0-7/actionpack/test/dispatch/...
Any thoughts?
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
<h2 style="font-size: 14px">Tickets have moved to Github</h2>
The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>
Andrew White
Craig
David Trasbo
Jeremy Kemper
José Valim