35

I see the following error in Terminal when attempting to run a Ruby on Rails app.

    HTTP parse error, malformed request (): #<Puma::HttpParserError: Invalid HTTP format, parsing fails.>
    2017-03-12 13:10:02 -0400: ENV: {"rack.version"=>[1, 3], "rack.errors"=>#<IO:<STDERR>>, "rack.multithread"=>true, "rack.multiprocess"=>false, "rack.run_once"=>false, "SCRIPT_NAME"=>"", "QUERY_STRING"=>"", "SERVER_PROTOCOL"=>"HTTP/1.1", "SERVER_SOFTWARE"=>"puma 3.4.0 Owl Bowl Brawl", "GATEWAY_INTERFACE"=>"CGI/1.2"}

The browser error:

This site can’t provide a secure connection. localhost sent an invalid response. ERR_SSL_PROTOCOL_ERROR

I have tried the following:

  • Clearing browser cache and restarting
  • Reverting back to an old commit in Git that was working at the time
  • Restarting terminal
  • Running a different rails app that was functional
1
  • First of all, delete all cache of Chrome. It works well for me. Commented Oct 3, 2018 at 3:37

8 Answers

43

Here are some possible solutions.

  1. Make sure you are connecting through http://localhost:3000 and not https://localhost:3000.

  2. If the browser redirects to HTTPS and it's Google Chrome, try this solution that addresses an HSTS problem: https://stackoverflow.com/a/28586593

  3. Make sure you do not have the production environment (if that's what you're serving) forcing HTTPS. If that's the problem, comment this out or change true to false:

    # config/environments/production.rb

    # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
    config.force_ssl = true
    

4 Comments

Thanks for this shout, stupid me was using https instead of http
Took me a minute to realize I was accessing https instead of http, thanks to Chrome's stupid protocol hiding.
Make sure you are connecting through http://localhost:3000 and not https://localhost:3000, solved it for me.
@NemyaNation Thanks for your comment I was being stupid as well 😂, used https for localhost 🥲
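
Why the mismatch in item 1 shows up as `Invalid HTTP format`: a browser asked for https:// opens the connection with a TLS ClientHello, which a plain-HTTP listener tries to parse as a request line. The sketch below is an added example, not code from the answer or from Puma; `classify_first_bytes` and `explain` are hypothetical helper names and the sample bytes are constructed.

```ruby
# Added example: classify the first bytes a listener receives from a client.
HTTP_METHODS = %w[GET HEAD POST PUT PATCH DELETE OPTIONS].freeze

def classify_first_bytes(bytes)
  data = bytes.to_s.b
  return :incomplete if data.bytesize < 6

  # TLS record header: content type, version major/minor, 2-byte length,
  # followed by the first byte of the handshake message (its type).
  type, major, minor, length, hs_type = data.unpack('CCCnC')
  if type == 0x16 && major == 0x03 && minor <= 0x04 && length.between?(4, 16_384)
    return hs_type == 0x01 ? :tls_client_hello : :tls_other
  end

  # Otherwise look for an HTTP/1.x request line: METHOD SP target SP version.
  first_line = data.split("\r\n", 2).first.to_s
  method, target, version = first_line.split(' ', 3)
  if HTTP_METHODS.include?(method) && target && version =~ %r{\AHTTP/1\.[01]\z}
    return :http_request
  end

  :unknown
end

# Turn the classification into the fix, given how the server was bound.
def explain(kind, listener_is_tls)
  case [kind, listener_is_tls]
  when [:tls_client_hello, false]
    'client spoke HTTPS to a plain-HTTP listener: browse to http:// or bind ssl://'
  when [:http_request, true]
    'client spoke plain HTTP to a TLS listener: browse to https://'
  when [:tls_client_hello, true], [:http_request, false]
    'client and listener agree on the protocol'
  else
    'unrecognised bytes: inspect the client'
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: start of a TLS record carrying a ClientHello.
  hello = [0x16, 0x03, 0x01, 512, 0x01, 0x00, 0x01, 0xfc].pack('CCCnCCCC')
  puts explain(classify_first_bytes(hello), false)
end
```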
7

For those reading this in the future, consider the following:

  1. Did you change your server in your Gemfile, e.g. from Puma to Thin?
  2. Have you set up an SSL certificate?
  3. Are you starting your webserver with SSL certificate flags?
  4. Is SSL turned on in your development/production environment - and what environment are you invoking?

If you are ok with turning off SSL in your development environment you can do so by going to:

config/environments/development.rb and configuring:

    config.force_ssl = false

Here is some code that works for me, using puma, that invokes SSL certification (locally). I have created my certificates and have dumped them in the relevant location:

    rails s -b 'ssl://localhost:3000?key=./.ssl/localhost.key&cert=./.ssl/localhost.crt'

When I want to run it in a production environment from my PC I use the following:

    rails s -b 'ssl://localhost:3000?key=./.ssl/localhost.key&cert=./.ssl/localhost.crt' -e production

HTH


6

Seems like you are trying to run HTTPS on your local. You need to have a TLS toolkit (like OpenSSL) installed on your local. OPENSSL for example.

After you have made sure of that, and if it is still not working, maybe you can find your answer in the next GitHub issue. Seems like a bug with the Puma gem. GITHUB ISSUE TALK


3

In my case it was a silly mistake: I started the server on http and my URL was pointing to https. I hope it will save someone's time ;)


2

Faced this error as well. If the above solutions don't work, do a quick check to see if you have this meta tag in your application.html.erb:

    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">

This will force Google Chrome to redirect localhost to HTTPS.


1

Access the app using a different browser, or if you are in Chrome access it in Incognito mode. After this the error did not show in any browser again. Remember to remove the config.force_ssl or set it to false in the development.rb file first.

Encountered this today after adding and then removing the config.force_ssl = true config in our Rails 6 app's development.rb file. Tried to access the app in localhost, in a Chrome browser, and the same error showed. Restarted rails server several times, to no avail.

Then accessing it in a different browser, where the force ssl version of the app client was never opened, worked.


0

If you are setting Content-Security-Policy in your application via action_dispatch.default_headers:

  config.action_dispatch.default_headers = ({
      'Content-Security-Policy' => "default-src 'self' https:;\
        font-src 'self' https: data:;\
        img-src 'self' https: data: blob:;\
        object-src 'self';\
        script-src 'self' https: 'unsafe-inline' 'unsafe-eval';\
        style-src 'self' https: 'unsafe-inline';\
        upgrade-insecure-requests;\
        frame-ancestors *"
    })

Make sure to override that setting in your development environment to add http: options to these. Like so:

  config.action_dispatch.default_headers = ({
    'Content-Security-Policy' => "default-src 'self' http: https:;\
      font-src 'self' http: https: data:;\
      img-src 'self' http: https: data: blob:;\
      object-src 'self';\
      script-src 'self' http: https: 'unsafe-inline' 'unsafe-eval';\
      style-src 'self' http: https: 'unsafe-inline';\
      frame-ancestors *"
  })

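
The answers above name several server-side settings that push a browser from http:// to https://: the `config.force_ssl` redirect and HSTS header, and `upgrade-insecure-requests` sent as a header or as a meta tag. The checker below is an added example, not code from any answer or from Rails; `https_upgrade_causes` is a hypothetical helper and the responses it is run on are constructed.

```ruby
# Added example: list what in an HTTP response would move a browser to HTTPS.

def csp_upgrades?(policy)
  # Directives are separated by ';'; compare the directive name only.
  policy.to_s.split(';').any? do |d|
    d.strip.downcase.split.first == 'upgrade-insecure-requests'
  end
end

def https_upgrade_causes(status, headers, body = '')
  h = headers.each_with_object({}) { |(k, v), acc| acc[k.to_s.downcase] = v.to_s }
  causes = []

  # config.force_ssl = true answers plain-HTTP requests with a redirect ...
  if (300..399).cover?(status) && h['location'].to_s.downcase.start_with?('https://')
    causes << :https_redirect
  end

  # ... and adds an HSTS header on HTTPS responses, which the browser stores.
  m = h['strict-transport-security'].to_s.match(/max-age\s*=\s*"?(\d+)/i)
  causes << :hsts if m && m[1].to_i > 0

  causes << :csp_header_upgrade if csp_upgrades?(h['content-security-policy'])

  # The same directive delivered through a <meta http-equiv> tag in the layout.
  body.to_s.scan(/<meta\b[^>]*>/i).each do |tag|
    next unless tag =~ /http-equiv\s*=\s*["']?content-security-policy/i
    content = tag[/content\s*=\s*"([^"]*)"/i, 1] || tag[/content\s*=\s*'([^']*)'/i, 1]
    causes << :csp_meta_upgrade if csp_upgrades?(content)
  end

  causes.uniq
end

if __FILE__ == $PROGRAM_NAME
  # Constructed responses, not captured from a real app.
  p https_upgrade_causes(301, { 'Location' => 'https://localhost:3000/' })
  p https_upgrade_causes(200, { 'Content-Security-Policy' =>
    "default-src 'self' https:; upgrade-insecure-requests" })
end
```

A redirect or HSTS entry the browser has already stored outlives the config change, which is consistent with the answers that report success in incognito or in another browser.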

0

I had this problem after running RAILS_ENV=production rails server.

Localhost should still work as expected in incognito or in a browser other than Chrome.

3 steps that solved it

  1. Open the https://localhost:3000 (the https version) in incognito
  2. Open dev tools (cmd + opt + j on mac)
  3. Hard refresh the page. Do this by either cmd + shift + r or by holding shift and clicking the refresh button.
  4. Now visit http://localhost:3000 (http version) and it should load as it normally would

This info is from here.

Notes

Once in the past I used a debugger in production and somehow got the same error. Here's what seemed to solve it:

  1. Put this in your address bar and hit enter:

    chrome://settings/content/all?search=cookies

  2. Look for the cookie(s) for the production website and delete them.

  3. Visit localhost and see if it works now.

  4. You also have to close and reopen Chrome.
