Menu
Previously, I had been using ssl_requirement to give us fine grained control over which pages were served over ssl and which were served over plain http.
According to the ssl_requirement's own wiki, it has been superseded by rails 3.1's Force SSL. However this does not seem to be the case. Force SSL doesn't seem to expose an option to go in the opposite direction, there is no way to force a page to sent via regular http.
What is the correct Rails 3.1 way to force a page to be displayed in plain http? Does Force SSL truly supersede ssl_requirement?
959
What Justice said. Some people feel strongly about browsing with SSL for everything. It's now trivial to snoop non-SSL sessions, so you should go out of your way to accomodate people who want to use it.
However.
It should be fairly easy to accomplish using a before_filter:
class ApplicationController < ActionController::Base
before_filter do
if request.ssl? && Rails.env.production?
redirect_to :protocol => 'http://', :status => :moved_permanently
end
end
end
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
