Ruby on Rails Connection Security Cheatsheet

From OWASP
Revision as of 14:56, 28 February 2018 by ZaurMolotnikov


When securing a Rails application, it is essential to enforce connection security.

This is done with a simple configuration setting in Rails that enables TLS and forces it:

  # config/environments/production.rb
  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies
  config.force_ssl = true

Uncomment line 3 of the snippet above (config.force_ssl = true) in your production configuration.
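
To confirm the setting took effect after deployment, the three behaviours named in the configuration comment (HTTPS redirect, Strict-Transport-Security, secure cookies) can be checked on the app's responses. The following is an added example, not part of the original page or of Rails itself; the audit_force_ssl helper, the hostname and the response hashes are hypothetical, constructed sample data.

```ruby
# Added example: audits a pair of responses for the three effects of
# config.force_ssl. All response data below is constructed, not captured traffic.

# Returns a list of findings; an empty list means the pair passes.
def audit_force_ssl(http_resp, https_resp)
  findings = []

  # 1. A plain HTTP request must be redirected to an https:// URL.
  location = http_resp[:headers]["location"].to_s
  redirected = [301, 302, 307, 308].include?(http_resp[:status])
  unless redirected && location.start_with?("https://")
    findings << "plain HTTP request was not redirected to HTTPS"
  end

  # 2. HTTPS responses must carry Strict-Transport-Security with max-age > 0.
  hsts = https_resp[:headers]["strict-transport-security"].to_s
  max_age = hsts[/max-age=(\d+)/i, 1].to_i # nil.to_i is 0 when the header is absent
  findings << "missing or zero-lifetime Strict-Transport-Security header" if max_age.zero?

  # 3. Every cookie set over HTTPS must have the Secure attribute.
  Array(https_resp[:headers]["set-cookie"]).each do |cookie|
    name = cookie[/\A[^=]+/]
    attrs = cookie.split(";").drop(1).map { |a| a.strip.downcase }
    findings << "cookie #{name} lacks the Secure attribute" unless attrs.include?("secure")
  end

  findings
end

# Constructed sample: an app with force_ssl enabled.
GOOD_HTTP  = { status: 301, headers: { "location" => "https://app.example.test/" } }
GOOD_HTTPS = { status: 200, headers: {
  "strict-transport-security" => "max-age=63072000; includeSubDomains",
  "set-cookie" => ["_app_session=abc123; path=/; secure; HttpOnly"]
} }

# Constructed sample: the same app with the line still commented out.
BAD_HTTP  = { status: 200, headers: {} }
BAD_HTTPS = { status: 200, headers: {
  "set-cookie" => ["_app_session=abc123; path=/; HttpOnly"]
} }

if __FILE__ == $PROGRAM_NAME
  puts "force_ssl on:  #{audit_force_ssl(GOOD_HTTP, GOOD_HTTPS).inspect}"
  puts "force_ssl off: #{audit_force_ssl(BAD_HTTP, BAD_HTTPS).inspect}"
end
```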