I decided to put a 'real' URL to my side project which meant that I put it behind Cloudflare and turned on SSL for both CloudFlare and Heroku. However, I was running into an issue where the first symptom was that I was unable to log in. After some digging, I found the following error where I saw

HTTP Origin header (https://[my site name]) didn't match request.base_url (http://[my site name])

After some digging, I came across this article on github which then linked me to this blog entry.

The net result was simply:

  • Ensure you have SSL turned on in Heroku. This is now a paid tier
  • Turn on the SSL settings on Cloudflare to Full

SSL breaking in Heroku with Cloudflare