Trying to reconcile force_ssl source code with the docs

I’m getting odd warnings and results from my force_ssl configuration. I’ve seen other people confused about the host options in the Endpoint config too.

I want to get this documented behavior:

To dynamically redirect to the host of the current request, :host must be set nil.

But when I set it to nil, I get this error:

warning: you have enabled :force_ssl but your host is currently set to localhost. Please configure your endpoint url host properly . . .

Here’s the source code, and I don’t see any kind of handling for nil. It seems to set host to localhost when nil is passed in:

host = force_ssl[:host] || config[:url][:host] || "localhost"

FWIW, I’m trying to do a “simple” Heroku configuration. Heroku handles the SSL. I also will be using several domain names with my app, and so I want it to always redirect to and build links with the hostname from the request.

I think that part of the confusion for me is: there are two host: attributes in the config grammar.

This was default behavior in Rails :wink: I feel like I’m fighting against the machine here, though!

I eliminated the warning, and am getting https redirects back to the requested host with this config:

config :public_law, PublicLawWeb.Endpoint,
  force_ssl: [host: nil, hsts: true, rewrite_on: [:x_forwarded_proto]],
  url: [host: {:system, "HOST"}],
  load_from_system_env: true

I’m not sure if I need to explicitly add the hsts option. The docs said it’s default, but the examples show it. Same for rewrite_on.

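Added example, not part of the original post and not Phoenix's or Plug's own code: a script that feeds test requests through `Plug.SSL` (the plug that `force_ssl` configures) to compare the post's options with the same options minus `rewrite_on`, for requests a TLS-terminating router forwards as plain HTTP. It assumes the `:plug` dependency is available, as in any Phoenix app, where it can be run with `mix run`; the module name, hostnames and paths are constructed.

```elixir
# Added example: assumes :plug is available (run with `mix run` inside a Phoenix app).
# ForceSslCheck, shop-a.example and shop-b.example are constructed names.
defmodule ForceSslCheck do
  import Plug.Test
  import Plug.Conn

  # Sends one GET through Plug.SSL with the given options and returns what a
  # client would observe. `forwarded_proto` simulates the x-forwarded-proto
  # header that a TLS-terminating router adds; nil means no such header.
  def run(url, ssl_opts, forwarded_proto \\ nil) do
    conn = conn(:get, url)

    conn =
      if forwarded_proto do
        put_req_header(conn, "x-forwarded-proto", forwarded_proto)
      else
        conn
      end

    conn = Plug.SSL.call(conn, Plug.SSL.init(ssl_opts))

    %{
      redirected?: conn.halted,
      status: conn.status,
      location: List.first(get_resp_header(conn, "location")),
      hsts: List.first(get_resp_header(conn, "strict-transport-security"))
    }
  end
end

# The force_ssl options from the post, and the same options without :rewrite_on.
with_rewrite = [host: nil, hsts: true, rewrite_on: [:x_forwarded_proto]]
without_rewrite = [host: nil, hsts: true]

# The app always sees http:// because the router terminates TLS.
cases = [
  {"client used HTTP, host A", "http://shop-a.example/cart", with_rewrite, "http"},
  {"client used HTTP, host B", "http://shop-b.example/cart", with_rewrite, "http"},
  {"client used HTTPS, rewrite_on set", "http://shop-a.example/cart", with_rewrite, "https"},
  {"client used HTTPS, rewrite_on missing", "http://shop-a.example/cart", without_rewrite, "https"}
]

for {label, url, opts, proto} <- cases do
  IO.inspect(ForceSslCheck.run(url, opts, proto), label: label)
end
```

The first two cases show whether the `location` header follows the request's own host when `host: nil` is passed, and the last two show why `rewrite_on` matters behind a proxy: `Plug.SSL` only treats a forwarded request as HTTPS when told which header to trust.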