Take a look at the ssl_requirement plugin.

Shouldn't it check to see if you're in production mode? We're seeing a redirect to https in development mode, which seems odd. Or is that the normal behavior for the plugin? I thought it behaved differently in the past.

+6  A: 

I guess they believe that you should probably be using HTTPS (perhaps with a self-signed certificate) in development mode. If that's not the desired behaviour, there's nothing stopping you from special casing SSL behaviour in the development environment yourself:

class YourController < ApplicationController
  ssl_required :update unless Rails.env.development?
end
Nathan de Vries
I use ssl_required in development all the time and in test mode, to make sure that my ssl redirects are indeed working. I have found the easiest way around this is to use Nginx with ssl proxied to a thin server.
The Who
A: 

Ideally you should be testing that your application redirects to https during sensitive stages.

Rob
A: 

There isn't much point in requiring SSL in the development environment.

You can stub out the plugin's ssl_required? method using Rails' built-in mocking facilities.

Under your application root directory create a file test/mocks/development/application.rb

require 'controllers/application_controller'

class ApplicationController < ActionController::Base
  def ssl_required?
    false
  end
end

This way SSL is never required in the development environment.

Tom
+3  A: 
  def ssl_required?
    return false if local_request? || RAILS_ENV == 'test' || RAILS_ENV == 'development'
    super
  end
mikhailov
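
An added example, not part of any answer above and not the plugin's source: a plain-Ruby model of an ssl_required-style filter with the development/test bypass from the answers, run across all three environments to confirm that production still redirects to HTTPS. `Request`, `ModelController`, `redirect_matrix`, and the host and path are constructed for illustration, and the model assumes the filter also sends HTTPS requests back to HTTP for actions that do not require SSL.

```ruby
# Simplified stand-alone model of an ssl_required-style before filter.
# Assumption: it mirrors only the redirect decision; it is not plugin code.
Request = Struct.new(:ssl, :host, :path) do
  def ssl?; ssl; end
end

class ModelController
  SSL_REQUIRED_ACTIONS = [:update].freeze # constructed sample action list

  def initialize(env)
    @env = env
  end

  # Environment bypass in the style of the answers above: the requirement
  # is skipped only in development and test, never in production.
  def ssl_required?(action)
    return false if %w[development test].include?(@env)
    SSL_REQUIRED_ACTIONS.include?(action)
  end

  # Returns the redirect URL, or nil when the request may proceed as is.
  def ensure_proper_protocol(action, request)
    if ssl_required?(action) && !request.ssl?
      "https://#{request.host}#{request.path}"
    elsif request.ssl? && !ssl_required?(action)
      "http://#{request.host}#{request.path}"
    end
  end
end

# Run the same two constructed requests through every environment.
def redirect_matrix
  plain  = Request.new(false, "example.test", "/account/update")
  secure = Request.new(true,  "example.test", "/account/update")
  %w[development test production].each_with_object({}) do |env, out|
    c = ModelController.new(env)
    out[env] = { plain:  c.ensure_proper_protocol(:update, plain),
                 secure: c.ensure_proper_protocol(:update, secure) }
  end
end

redirect_matrix.each { |env, result| puts "#{env}: #{result.inspect}" }
```

Under this model the bypass also means an HTTPS request in development is redirected back to HTTP, which is worth knowing if you run a local SSL proxy.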