Menu
I have a Rails 3 app running on Heroku and I also have a SSL installed and working. However, my users can still access the site without the https. How do I make sure that all urls are accessed using https?
Thanks
Edit:
I've tried adding this to application_controller.rb
before_filter :redirect_to_ssl
def redirect_to_ssl
redirect_to url_for params.merge({:protocol => 'https://'})
end
But I receive a Error 310 (net::ERR_TOO_MANY_REDIRECTS) error.
388
you may need to check if you are already using ssl... this works for us.
before_filter :redirect_to_ssl
def redirect_to_ssl
redirect_to :protocol => "https://" unless (request.ssl?)
end
There is a configuration setting you can use in config/production.rb or application.rb for your production environment.
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
# config.force_ssl = true
This served me well on my Rails app without writing extra code.
41
Here's an answer I posted to a similar question.
Otherwise, you can use Rack::SSL.
44
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
