config.middleware.use Rack::SslEnforcer breaks ajax requests #31

Closed
costajob opened this issue Feb 9, 2012 · 2 comments

costajob commented Feb 9, 2012

Hi,

I'm using the gem to force the "profile" actions of my Rails application to SSL, so I've put the following snippet of code into "application.rb":

config.middleware.use Rack::SslEnforcer, :only => /^\/profile\//, :strict => true

Everything seems to function well, but I've now noticed that SSL redirection completely breaks my AJAX calls!

In Chrome, I've logged the error response from the jQuery error() callback; it says:
statusText: "Error: NETWORK_ERR: XMLHttpRequest Exception 101"

Also my Rails action will never be reached by the Ajax call.
Disabling SSL-Enforcer will solve the problem (I've also tried to run my application all in SSL and it does operate).

I'm working with:
ruby (1.9.2)
nginx+passenger (3.0.11)
rails (3.0.7)
rack (1.2.5)
rack-ssl-enforcer (0.2.4)

Any known issues?
Thanks
Mike

@tobmatth
Owner

Hey Mike,

I think you might be violating JavaScript's same-origin security policy when you try to access your secured /profile URL from within HTTP, e.g.

http://www.your-host.com and
https://www.your-host.com

are not the same origin...

HTH
Tobi

@costajob
Author

Hi Tobi,

That's the problem!
Sorry, I did not realize that the STRICT option will force my AJAX URI to HTTP while my page is HTTPS.
Now I have to find a workaround, since I call the same AJAX also in plain HTTP pages and have to remove the STRICT option only for that particular action in order to avoid same-origin policy problems.

Many thanks
Mike
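
Added example, not part of the thread and not rack-ssl-enforcer's own code: a simplified Ruby model of the redirect decision discussed above, used to check whether an AJAX URL requested from a given page would be answered with a redirect to a different origin. The `enforced_redirect` and `xhr_check` helpers and the `/ajax/lookup` path are hypothetical.

```ruby
require "uri"

# Origin as browsers compare it: scheme, host and port must all match.
def origin(url)
  u = URI.parse(url)
  [u.scheme, u.host, u.port]
end

# Simplified model (an assumption, not the gem's implementation) of the
# behaviour described in the thread: paths matching :only are forced to
# HTTPS, and with :strict every other path is forced back to HTTP.
# Returns the redirect target, or nil when the request is served as-is.
# Query strings and non-default ports are ignored to keep the model small.
def enforced_redirect(url, only:, strict:)
  u = URI.parse(url)
  wanted = if u.path =~ only then "https"
           elsif strict then "http"
           else u.scheme
           end
  return nil if wanted == u.scheme
  "#{wanted}://#{u.host}#{u.path}"
end

# Resolves an XHR URL against the page it is called from and reports whether
# the middleware would answer it with a redirect to another origin, which is
# the case the browser refuses to follow in the report above.
def xhr_check(page_url, xhr_path, only:, strict:)
  request_url = URI.join(page_url, xhr_path).to_s
  target = enforced_redirect(request_url, only: only, strict: strict)
  cross = !target.nil? && origin(target) != origin(page_url)
  { request: request_url, redirect: target, cross_origin: cross }
end

# Constructed sample values: the :only pattern and host come from the thread,
# the page path and AJAX paths are made up for illustration.
ONLY = %r{^/profile/}
PAGE = "https://www.your-host.com/profile/edit"

if __FILE__ == $PROGRAM_NAME
  [["/ajax/lookup", true], ["/ajax/lookup", false], ["/profile/update", true]].each do |path, strict|
    puts xhr_check(PAGE, path, only: ONLY, strict: strict).merge(strict: strict).inspect
  end
end
```

Running every AJAX endpoint through `xhr_check` for both the HTTPS and the plain HTTP pages that call it shows which routes need to be covered by `:only` or served without `:strict`.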
