I am testing force_ssl in my Rails 4 app , so I added in the todos_controller:
class Users::TodosController < ApplicationController
....
force_ssl :only => [:test_ssl] unless Rails.env.development?
I added into config/application.rb
config.force_ssl = false
I modified vhost , restarted apache ...
when the user request ...todos/test_ssl, the https request is performed, ok
however , once being on this pas , the user go back to the home page, the request is still performed with https , it doesn't swithc back to http...
should I insert force_ssl = false in the other controllers ? I thought the config parameter would be avaolable for all other controllers ... am I wrong ? or should I use the gem rack-ssl-enforcer ?