Ethan Wilkins Ethan Wilkins - 5 months ago 16
Ruby Question

Rails Simple Captcha not going over HTTPS

I'm using the

simple_captcha2
gem for authentication with Rails and have it working fine in development but the captcha image/code is not going over the SSL layer in production so the image is not rendering within the captcha form. I set up OpenSSL using this letsencrypt tutorial for multiple domains and it's worked fine for everything but
simple_captcha2
.

Here is the error output from Firefox:

Loading mixed (insecure) display content "http://anrcho.com/simple_captcha?code=f987a2c87ea145419d79a00d6a257df701e2bea8&time=1465962694" on a secure page

Answer

Adding the following lines (as described here) to my nginx.conf solved the issue of request.protocol returning the wrong protocol:

proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Ssl on;

As far as the captcha image not loading, whether as secure or insecure content, imagemagick has to be installed.