elixir-plug / plug

Compose web applications with functions
https://hex.pm/packages/plug

Add Path-Based Exclusion to Plug.SSL #1194

Closed cgrothaus closed 7 months ago

cgrothaus commented 7 months ago

Add Path-Based Exclusion to Plug.SSL

This PR introduces a new feature in the Plug.SSL module. It allows specifying paths that should be excluded from HTTPS redirection. The feature adds an :exclude_paths option. This option works similarly to the existing :exclude option for hosts.

Background

We face a specific scenario involving a health check endpoint. A load balancer uses this endpoint to assess server health. The load balancer requests this endpoint over HTTP. It cannot be configured to add the x-forwarded-proto header. Additionally, we cannot identify the load balancer's hostname or IP. Moreover, the load balancer cannot follow an HTTPS redirect.

Similar features exist in other frameworks. For example, Rails has the force_ssl method (ActionDispatch::SSL). It allows excluding specific paths from HTTPS redirection. The django-sslify package for Django also offers this functionality (django-sslify).

josevalim commented 7 months ago

Thank you! The way to achieve this is by plugging it conditionally, as outlined here: https://github.com/elixir-plug/plug/blob/b05cd27012511426d1c75834fe66566539ee89cd/lib/plug/builder.ex#L53. Inside Phoenix, you can set force_ssl to false and then plug conditionally at the top of your endpoint.

cgrothaus commented 7 months ago

Ah, I see 💡 ! Thank you!

cgrothaus commented 7 months ago

Now that I understand that force_ssl just places Plug.SSL at the top of my endpoint, it is even easier. As my healthcheck is itself a plug, it is sufficient to plug Plug.SSL below it 💡 . No need to plug conditionally.
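The ordering described in the last comment, as an added example that is not code from the PR or from the Plug project. The module names `MyApp.HealthCheck` and `MyApp.Endpoint`, the `/health` path and the response bodies are assumptions chosen for illustration.

```elixir
# Added example. Run as a script: elixir ssl_order.exs
Mix.install([:plug])

defmodule MyApp.HealthCheck do
  # Hypothetical health check plug; "/health" is an assumed path.
  @behaviour Plug
  import Plug.Conn

  @impl true
  def init(opts), do: opts

  # Answer the load balancer's probe and halt, so no later plug
  # (Plug.SSL included) ever sees this request. Keep the body free of
  # anything sensitive: this is the one response served over plain HTTP.
  @impl true
  def call(%Plug.Conn{method: "GET", request_path: "/health"} = conn, _opts) do
    conn
    |> send_resp(200, "ok")
    |> halt()
  end

  # Every other request continues down the pipeline unchanged.
  def call(conn, _opts), do: conn
end

defmodule MyApp.Endpoint do
  use Plug.Builder

  # Plugs run top to bottom and a halted conn stops the pipeline,
  # so the health check must sit above Plug.SSL.
  plug MyApp.HealthCheck
  plug Plug.SSL, rewrite_on: [:x_forwarded_proto]
  plug :app

  def app(conn, _opts), do: Plug.Conn.send_resp(conn, 200, "application response")
end

# Constructed plain-HTTP requests (Plug.Test.conn/2 defaults to scheme :http).
import Plug.Test
opts = MyApp.Endpoint.init([])
health = MyApp.Endpoint.call(conn(:get, "/health"), opts)
other = MyApp.Endpoint.call(conn(:get, "/orders"), opts)

# The probe is answered directly; everything else is redirected to HTTPS.
200 = health.status
301 = other.status
["https://" <> _rest] = Plug.Conn.get_resp_header(other, "location")
```

The exemption is an exact match on method and path, so only that single route skips the redirect and the HSTS header that `Plug.SSL` sets.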