How to disable HTTP Strict Transport Security?

by

It’s not a problem with Apache, but with the fact that Rails sends an HSTS header.

In Chrome, you can clear the HSTS state by going into about:net-internals, as described in ImperialViolet: HSTS UI in Chrome. You may also have to clear the cache, since config.force_ssl = true also uses a 301 (permanent) redirection.

In addition, according to this answer, you could also make your application send an STS header with max-age=0. In your controller:

response.headers["Strict-Transport-Security"] = 'max-age=0'

Related Contents:

  1. Ruby on Rails Server options [closed]
  2. SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
  3. SSL Error When installing rubygems, Unable to pull data from ‘https://rubygems.org/
  4. bundle install fails with SSL certificate verification error
  5. How do I allow HTTPS for Apache on localhost?
  6. How do you redirect HTTPS to HTTP?
  7. How to prevent browser page caching in Rails
  8. What does force_ssl do in Rails?
  9. How to solve “certificate verify failed” on Windows?
  10. Why am I getting infinite redirect loop with force_ssl in my Rails app?
  11. How do I use https (SSL) in XAMPP while using virtual hosts
  12. SSL install problem – “key value mismatch” (but they do match?)
  13. What causes “Neither PUB key nor PRIV key:: nested asn1 error” when building a public key in ruby?
  14. Apache SSL Configuration Error (SSL Connection Error)
  15. Add querystring parameters to link_to
  16. Rails 4 Authenticity Token
  17. Rails: Get Client IP address
  18. Specifying column name in a “references” migration
  19. All Ruby tests raising: undefined method `authenticate’ for nil:NilClass
  20. What’s the difference between RSpec and Cucumber? [closed]
  21. How to set default values in Rails?
  22. How to fix “Your Ruby version is 2.3.0, but your Gemfile specified 2.2.5” while server starting
  23. Rails 5: ActiveRecord OR query
  24. Rails: fields_for with index?
  25. Overriding id on create in ActiveRecord
  26. Rails 3 – can’t install pg gem
  27. Deprecation warning when using has_many :through :uniq in Rails 4
  28. Difference between an it block and a specify block in RSpec
  29. Mongodb: What to know before using? [closed]
  30. Prevent nginx from redirecting traffic from https to http when used as a reverse proxy
  31. Run rake task in controller
  32. What exactly is Rake?
  33. Need to return JSON-formatted 404 error in Rails
  34. Https to http redirect using htaccess
  35. Rails: Validate unique combination of 3 columns
  36. rails simple_form fields not related to the model
  37. Add virtual attribute to json output
  38. How do I access the name of the Rails 3 application object?
  39. How do I use RVM and create globally available gems?
  40. How do you test an AJAX request with RSpec/RoR?
  41. Rails 3 respond_to: default format?
  42. Rails: How do I print the request parameters?
  43. Encrypt, decrypt using Rails
  44. How to remove gem from Ruby on Rails application?
  45. How to disable Rack-Mini-Profiler temporarily?
  46. Ruby on Rails app on Google App Engine
  47. How can I delete special characters?
  48. How Do You Secure database.yml?
  49. ActionMailer not sending mail in development Rails 4
  50. Should I use thin or unicorn on Heroku Cedar

Leave a Comment