On a recent project, I handled this through a before_filter as I wanted
unauthenticated pages to handle http and authenticated pages to always
redirect to https. My ApplicationController looked something like the
below. Note: I had to write my own authentication routines rather than use
something like Devise as these were the early days of MongoDB support.
class ApplicationController < ActionController::Base
protect_from_forgery
layout 'application'
before_filter :login_required
def login_required
unless current_user
return if require_ssl
end
end
def ssl_required?
return @ssl_required unless @ssl_required.nil?
@ssl_required = %w(production qa staging).include?(Rails.env)
end
def require_ssl
if ssl_required?
redirect_url = request.url.gsub(/^http:/, 'https:')
if request.url != redirect_url
redirect_to redirect_url, status: 301
true
end
end
end
end
Scott
On Wednesday, April 17, 2013 4:57:18 PM UTC-4, Frederick Cheung wrote:
>
>
>
> On Wednesday, April 17, 2013 4:29:43 PM UTC+1, Gianpiero Venditti wrote:
>>
>> Hello everybody, i'm using ruby 1.8.6 and rails 1.1.6 for my web app.
>>
>> My app is accessible both in http and https but i would like to enforce
>> https only even when the user try to access using http only.
>>
>> I tried a lot of solutions posted over the web but none worked for my
>> rails version (which is very old, I know)
>>
>> What could I do in order to achieve it? Is there any effective solution
>> that can be used with my rails version?
>>
>> Old school! Assuming you've got apache in front of your app, have you
> tried adding a rewrite rule to redirect all http requests to the https
> versions ?
>
> Fred
>
--
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msg/rubyonrails-talk/-/af3jxXAtDhkJ.
For more options, visit https://groups.google.com/groups/opt_out.
