Re: config.force_ssl :unless => :tor_hidden_service

[Erich Menge]

Please check out Rails Talk or Stack Overflow for Rails help.

This group is for discussion of Rails internal features.

Thanks!

On Monday, July 16, 2012 5:37:21 AM UTC-5, Sai . wrote:

Not sure where to patch this, but: config.force_ssl should be inactive for tor hidden services (for those, ssl can if anything be worse).

Any suggestions?

One way to do it would be to check for whether the TLD is .onion. There may be some gotchas with e.g. cookies or similar bits, for sites that operate both as HTTPS and Tor hidden service (which is what I'm trying to set up).

- Sai