I decided to put a 'real' URL to my side project which meant that I put it behind Cloudflare and turned on SSL for both CloudFlare and Heroku. However, I was running into an issue where the first symptom was that I was unable to log in. After some digging, I found the following error where I saw
HTTP Origin header (https://[my site name]) didn't match request.base_url (http://[my site name])
After some digging, I came across this article on github which then linked me to this blog entry.
The net result was simply:
- Ensure you have SSL turned on in Heroku. This is now a paid tier
- Turn on the SSL settings on Cloudflare to Full