4

I have a Rails 4 app hosted behind Cloudflare, with the Flexible SSL option turned on, but no SSL between Cloudflare and the app servers which sit behind a load balancer.

So what happens is that, for instance, when a user signs up using HTTPS and I redirect to a welcome page...

redirect_to :action => :welcome

... or ....

redirect_to "/users/welcome"

... Rails throws an HTTP header "Location: http://www.example.com/users/welcome". This obviously breaks the session and turns off SSL.

I have tried config.force_ssl but the browser goes into an infinite redirect loop.

I cannot switch the app to SSL because some parts of it have to use HTTP, and there's nothing that sensitive on the wire to justify switching, and also I have or 60 different websites built on this app, buying certificates for all of them would cost a small fortune. I just want Cloudflare's SSL because users think the "little green lock" means the site is safe and trustworthy :)

So, is there a way to make Rails redirect using relative URLs, as opposed to adding http://www.example.com... in front of each URL it redirects to?

TIA

Nick M
  • FYI You can get free certificates from Let's Encrypt – Frederick Cheung Jan 28 '16 at 09:36
  • I know but the amount of work required to set up certs for all sites will be significant, also it will complicate setting up new sites (which is now a point-and-click process)...too complicated. – Nick M Jan 28 '16 at 09:38

2 Answers

3

For a solution not using Apache, you can write the code as:

redirect_to :action => :welcome, :protocol => '//'

or,

redirect_to :action => :welcome, :only_path => true
Corvin
0

I've found an easy fix for this when using Apache: rewrite the 30X headers

http://blog.delouw.ch/2009/10/29/302-redirect-behind-ssl-terminating-proxies/

Header edit Location ^http://(.*)$ https://$1

This question also has an answer about editing the header to remove the protocol and host, as opposed to redirecting everything:

How to Rewrite Location Response Header in a Proxy Setup with Apache

Header edit Location "(^http[s]?://)([a-zA-Z0-9\.\-]+)" ""
Community
Nick M
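
The second Apache rule above strips the scheme and host from every Location header, whatever host it names, so a redirect to another site would be turned into a local path. As an added example (not code from either answer; the class name `RelativeLocation` and the sample hosts are assumptions), a Rack middleware that makes the same rewrite inside the app, but only for 3xx responses that point back at the request's own host:

```ruby
require "uri"

# Hypothetical Rack middleware (name is an assumption, not from the page).
# Makes same-host redirects path-only so the browser keeps whatever scheme
# it used to reach the proxy; redirects to other hosts are left untouched.
class RelativeLocation
  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    key = headers.keys.find { |k| k.casecmp("location").zero? }
    if key && (300..399).cover?(status.to_i)
      headers[key] = relativize(headers[key], request_host(env))
    end
    [status, headers, body]
  end

  # Returns the path-only form of `location` when it targets `host`
  # (ports are not compared); otherwise returns `location` unchanged.
  def relativize(location, host)
    uri = URI.parse(location)
    return location unless uri.is_a?(URI::HTTP) && uri.host
    return location unless uri.host.casecmp(host.to_s).zero?
    # Collapse leading slashes: "//x/y" would be read as protocol-relative,
    # i.e. as a redirect to host "x".
    path = "/" + uri.path.sub(%r{\A/+}, "")
    path += "?#{uri.query}" if uri.query
    path += "##{uri.fragment}" if uri.fragment
    path
  rescue URI::InvalidURIError
    location
  end

  private

  # Host header without the port: "www.example.com:8080" -> "www.example.com".
  def request_host(env)
    (env["HTTP_HOST"] || env["SERVER_NAME"]).to_s.sub(/:\d+\z/, "")
  end
end
```

In a Rails app this would be registered with `config.middleware.use RelativeLocation`.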