I have a Rails application which need to run under SSL. I tried ssl_requirement but seems I have to type in all the actions in every controllers.
Is there any method that I can add a before_filter in application controller with ssl_requirement, so that the apps will redirect to https automatically when user request is in http?
Thanks all. :)
Use a Rack Middleware.
# lib/force_ssl.rb
class ForceSSL
def initialize(app)
@app = app
end
def call(env)
if env['HTTPS'] == 'on' || env['HTTP_X_FORWARDED_PROTO'] == 'https'
@app.call(env)
else
req = Rack::Request.new(env)
[301, { "Location" => req.url.gsub(/^http:/, "https:") }, []]
end
end
end
# config/environment.rb
config.middleware.use "ForceSSL"
You can try test if request is in ssl or not in a before_filter in your application
class Application < AC::Base
before_filter :need_ssl
def need_ssl
redirect_to "https://#{request.host}/#{request.query_string}" unless request.ssl?
end
end
The key problem is that force_ssl.rb isn't being loaded and that lib isn't loaded by default in rails 3.1. You have to add
config.autoload_paths += %W(#{config.root}/lib)
config.autoload_paths += Dir["#{config.root}/lib/**/"]
to application.rb
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With