
Enhancing Security in Ruby on Rails - SSL Enforcement by Default

Apoorv is a Ruby on Rails and React Developer.

While developing web apps, the security of the apps is of prime importance, especially for apps that handle the sensitive data of users. The use of SSL (Secure Sockets Layer) is critical for web application security. It is a protocol that provides secure communication over the Internet.

In this blog, we will go through the use of SSL, the default behavior of SSL enforcement in earlier versions of Rails, and the change introduced in Rails 7.1 in the default behavior in the production.rb file.

SSL is a security protocol for encrypting data sent between the client (web browser) and the server. It protects information such as user identity, credit card details, and personal data.

In Rails applications, the config.force_ssl setting in the production.rb file is used to enforce the use of SSL for incoming requests when the app is running in the production environment.

In earlier versions of Rails, config.force_ssl was commented out and not explicitly set. So, the application would work over both HTTP and HTTPS if the SSL certificate was configured.

Let's take an example to understand the behaviour. I have set up a sample app and config.force_ssl is commented out. Now, if I visit the root path with http, it renders the view. From the address bar we can also see that http (Not secure) was used while making the request.

From Rails 7.1 there has been a change in the default behavior. The config.force_ssl setting in production.rb will be set to true by default. Because of this, all incoming requests in the production environment will be automatically redirected to their HTTPS URL, which will ensure secure data communication.

We can see the above change with the help of an example. I have set up a Rails 7.1 app and config.force_ssl is set to true by default. From the images attached below we can see that we made a request using http but it was automatically redirected to https. Also, the page was not loaded because we don't have an SSL certificate; otherwise this error would not be shown here.
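The redirect described above, together with the HSTS header and Secure cookie flag that HTTPS enforcement also applies, can be modelled in plain Ruby. This is an added example, not code from the original post and not Rails' own middleware source; the class name ForceHttps, the max-age value, the host name and the sample app are assumptions made for the illustration.

```ruby
# Simplified model of HTTPS enforcement, NOT Rails' ActionDispatch::SSL source.
# ForceHttps and HSTS_MAX_AGE are names/values made up for this example.
class ForceHttps
  HSTS_MAX_AGE = 63_072_000 # two years in seconds (value chosen for the example)

  def initialize(app)
    @app = app
  end

  def call(env)
    return redirect_to_https(env) unless env["rack.url_scheme"] == "https"

    status, headers, body = @app.call(env)
    headers = headers.dup
    headers["strict-transport-security"] = "max-age=#{HSTS_MAX_AGE}; includeSubDomains"
    headers["set-cookie"] = secure_cookies(headers["set-cookie"]) if headers["set-cookie"]
    [status, headers, body]
  end

  private

  # Plain-HTTP requests never reach the app; they are sent to the HTTPS URL.
  def redirect_to_https(env)
    location = "https://#{env['HTTP_HOST']}#{env['PATH_INFO']}"
    location += "?#{env['QUERY_STRING']}" unless env["QUERY_STRING"].to_s.empty?
    # 301 for GET/HEAD; 307 keeps the method and body of a POST intact.
    status = %w[GET HEAD].include?(env["REQUEST_METHOD"]) ? 301 : 307
    [status, { "location" => location, "content-type" => "text/html" }, []]
  end

  # Add the Secure attribute to every cookie that lacks it.
  def secure_cookies(value)
    value.split("\n").map { |c| c =~ /;\s*secure\s*(;|$)/i ? c : "#{c}; secure" }.join("\n")
  end
end

# Constructed sample app and requests (host and cookie values are placeholders).
SAMPLE_APP = lambda do |_env|
  [200, { "content-type" => "text/html", "set-cookie" => "_session=abc123; path=/; HttpOnly" }, ["Hello"]]
end

def sample_request(scheme, method = "GET")
  env = { "rack.url_scheme" => scheme, "REQUEST_METHOD" => method, "HTTP_HOST" => "app.example.test",
          "PATH_INFO" => "/login", "QUERY_STRING" => "next=%2Fdashboard" }
  ForceHttps.new(SAMPLE_APP).call(env)
end
```

The redirect only protects the requests that follow it: the first plain-HTTP request, including any form data it carried, has already crossed the network unencrypted. The HSTS header narrows that window by telling returning browsers to use HTTPS before sending anything.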



This post first appeared on VedVyas Articles, please read the original post: here
