Set ssl_allowed/ssl_required for all pages in Rails

Posted 2019-08-12 17:24

Question:

I found that AJAX calls were not working on my Rails site when a page was using SSL/HTTPS. I worked around this by adding

ssl_allowed :action1, :action2, :actionN

to the controllers involved.

I foresee this being a pain and prone to bugs in the future, as I'll indubitably forget to add an action to the ssl_allowed list.

Is there a way to turn on ssl_allowed/ssl_required globally in the ssl_requirement gem, for all actions of every controller in my site? I tried adding the following to ApplicationController, but that did not work:

ssl_allowed :all

Answer 1:

If you'd rather not depend on a forked plugin, you can override ssl_allowed? in your controller:

class ApplicationController < ActionController::Base
  ...
  private

  def ssl_allowed?
    true
  end
end

EDIT: This does not do what I thought it did. Instead of disabling redirects to http for pages that are not specified as ssl_required, it short circuits the whole redirect process to do nothing. This is very bad. The code:

def ensure_proper_protocol
  return true if ssl_allowed?

  if ssl_required? && !request.ssl?
    redirect_to "https://" + request.host + request.request_uri
    flash.keep
    return false
  elsif request.ssl? && !ssl_required?
    redirect_to "http://" + request.host + request.request_uri
    flash.keep
    return false
  end
end

Adding the ssl_allowed? method like this would only be the answer if the code instead read:

def ensure_proper_protocol
  if ssl_required? && !request.ssl?
    redirect_to "https://" + request.host + request.request_uri
    flash.keep
    return false
  elsif request.ssl? && !ssl_required? && !ssl_allowed?
    redirect_to "http://" + request.host + request.request_uri
    flash.keep
    return false
  end
end

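To make the difference between the two filters concrete, here is an added example (not code from the ssl_requirement gem or from the answer above) that models both versions of ensure_proper_protocol without a running Rails app; Request, FakeController, the host example.com and the path /secure are constructed stand-ins. It shows what happens to a plain-http request for an ssl_required action once ssl_allowed? is overridden to return true.

```ruby
# Added example, not the gem's code; Request and FakeController are constructed stand-ins.
Request = Struct.new(:ssl, :host, :request_uri) do
  def ssl?; ssl; end
end

class FakeController
  attr_reader :redirected_to
  # ssl_required / ssl_allowed stand in for the per-action lists the gem keeps.
  def initialize(request, ssl_required:, ssl_allowed:)
    @request, @ssl_required, @ssl_allowed = request, ssl_required, ssl_allowed
    @redirected_to = nil
  end

  def ssl_required?; @ssl_required; end
  def ssl_allowed?;  @ssl_allowed;  end
  def redirect_to(url); @redirected_to = url; end   # records instead of redirecting

  # The gem's filter as quoted in the answer: ssl_allowed? skips everything.
  def ensure_proper_protocol_original
    return true if ssl_allowed?
    if ssl_required? && !@request.ssl?
      redirect_to "https://" + @request.host + @request.request_uri
      return false
    elsif @request.ssl? && !ssl_required?
      redirect_to "http://" + @request.host + @request.request_uri
      return false
    end
  end

  # The variant the answer says it would need: ssl_allowed? only suppresses the
  # https->http downgrade, never the upgrade of an ssl_required action.
  def ensure_proper_protocol_fixed
    if ssl_required? && !@request.ssl?
      redirect_to "https://" + @request.host + @request.request_uri
      return false
    elsif @request.ssl? && !ssl_required? && !ssl_allowed?
      redirect_to "http://" + @request.host + @request.request_uri
      return false
    end
  end
end

# Returns the redirect target the filter produced, or nil when the request is
# served as-is. Host and path are constructed sample values.
def redirect_for(variant, ssl:, ssl_required:, ssl_allowed:)
  c = FakeController.new(Request.new(ssl, "example.com", "/secure"),
                         ssl_required: ssl_required, ssl_allowed: ssl_allowed)
  c.public_send(variant)
  c.redirected_to
end
```

With the original filter and ssl_allowed? forced to true, redirect_for reports nil for a plain-http request to an ssl_required action, i.e. the page is served over http with no upgrade; the fixed variant still redirects it to https while leaving https requests to unlisted actions alone.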

Answer 2:

I found grosser's ssl_requirement fork at github (link) which enables "ssl_allowed :all" and replaced my copy of the gem with that version. Now I'm using "ssl_allowed :all" in my ApplicationController and nowhere else. Exactly what I wanted.