Created
June 20, 2011 03:41
-
-
Save mrrooijen/1035084 to your computer and use it in GitHub Desktop.
Secure with SSL (Subdomain and Protocol) in Rails 3.1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class ApplicationController < ActionController::Base | |
| protect_from_forgery | |
| before_filter :secure_with_ssl | |
| private | |
| def secure_with_ssl | |
| if request.subdomain != 'secure' or request.protocol != 'https' | |
| redirect_to :subdomain => 'secure', :protocol => 'https' | |
| end | |
| end | |
| end |
Thanks again for the great gist & help.
An update --
I'm deploying to Heroku and had issues when utilizing force_ssl while still trying to retain controller specific ssl and had a 'too many redirects' issue with your original code above. In addition to this, I was also getting an error by utilizing 'request.protocol', so I modified things just a bit and all is working wonderfully now.
Controllers where I didn't need SSL --
def no_secure_subdomain_ssl
if request.subdomain == 'secure' or request.ssl? == true
redirect_to root_url(:host => request.domain, :protocol => 'http' )
end
end
Controllers where I did need SSL --
def secure_subdomain_ssl
if Rails.env.production?
if request.subdomain != 'secure' or request.ssl? != true
redirect_to :subdomain => 'secure', :protocol => 'https'
end
end
endYou'll notice in that last one I would check the Rails environment so that I wouldn't have issues in development.
Thanks again for all the help man!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Perfect, I'll give it a shot and let you know how it goes.