
SSL with Ruby on Rails

What do I need to do to get traffic to my Ruby on Rails app to use https? I have a certificate installed, and if I manually type in "https://" in the address bar when accessing the site, the little lock icon appears, but just manually going to www.example-app.com in my browser sends traffic through http://.

Is there some one-line config or is it more complicated than that? I've never had to deal with SSL before, so excuse me if I sound like I don't know what's going on.

I'm hosting at MediaTemple in a (gs), if that matters or anyone has experience with such a setup.

Austin Fitzpatrick asked Jan 23 '10 01:01


3 Answers

Check out the ssl_requirement gem.

It lets you specify in your controllers which actions should be served over https and which actions can be served over https. It will then take care of redirecting from http to https and vice-versa.

From the documentation:

class ApplicationController < ActionController::Base
  include SslRequirement
end

class AccountController < ApplicationController
  ssl_required :signup, :payment
  ssl_allowed :index

  def signup
    # Non-SSL access will be redirected to SSL
  end

  def payment
    # Non-SSL access will be redirected to SSL
  end

  def index
    # This action will work either with or without SSL
  end

  def other
    # SSL access will be redirected to non-SSL
  end
end

jerhinesmith answered Nov 19 '22 15:11


Ruby on Rails is an application framework and not a web server. The HTTPS configuration you need to change is in your web server (Apache, nginx, etc) config.

Zepplock answered Nov 19 '22 16:11


It's pretty easy, and you don't need a gem for it. I blogged how to redirect without www in Rails here. Redirecting to https is (almost) exactly the same.

class ApplicationController < ActionController::Base
  before_filter :redirect_to_https

  def redirect_to_https
    redirect_to "https://example.com#{request.fullpath}" if !request.ssl? && request.host != "localhost"
  end
end

Apply your before_filter on anything that you want to make sure is kept behind the SSL security. I'm usually one for code reuse and gems, but this one is ridiculously simple. Read more about request.protocol. (Note that in the Ruby 1.9.3 / Rails 3.2 environment, the name is request.fullpath; in some earlier versions, it was request.request_uri; see the release notes, etc.)

Jarrett Meyer answered Nov 19 '22 15:11
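
The redirect from the last answer written as a Rack middleware, as an added example that is not part of any answer on this page; it goes further than the answer by also covering TLS terminated at a proxy, non-GET requests and HSTS. `ForceHttps`, `trust_proxy`, `sample_env` and `INNER_APP` are hypothetical names, `example.com` is a placeholder host, and the request env is constructed.

```ruby
# Added example, not from the answers above. ForceHttps, CANONICAL_HOST and
# trust_proxy are hypothetical names; example.com is a placeholder host.
class ForceHttps
  CANONICAL_HOST = "example.com"
  LOCAL_HOSTS    = %w[localhost 127.0.0.1].freeze
  HSTS           = "max-age=31536000"

  def initialize(app, trust_proxy: false)
    @app = app
    @trust_proxy = trust_proxy
  end

  def call(env)
    host = env["HTTP_HOST"].to_s.split(":").first.to_s.downcase
    return @app.call(env) if LOCAL_HOSTS.include?(host) # keep local development on plain HTTP

    if https?(env)
      status, headers, body = @app.call(env)
      # HSTS makes the browser skip the plain-HTTP first hop on later visits.
      return [status, headers.merge("strict-transport-security" => HSTS), body]
    end

    # Build the target from a fixed host, never from the client-supplied Host
    # header, so a forged header cannot steer the redirect elsewhere.
    location = "https://#{CANONICAL_HOST}#{env["PATH_INFO"]}"
    location += "?#{env["QUERY_STRING"]}" unless env["QUERY_STRING"].to_s.empty?
    # 301 for GET/HEAD; 307 keeps the method and body of a POST/PUT/DELETE.
    status = %w[GET HEAD].include?(env["REQUEST_METHOD"]) ? 301 : 307
    [status, { "location" => location, "content-type" => "text/plain" }, ["Redirecting to HTTPS\n"]]
  end

  private

  # With TLS terminated at a load balancer the app only ever sees HTTP, so the
  # scheme must come from X-Forwarded-Proto, and only when a proxy we control sets it.
  def https?(env)
    return true if env["rack.url_scheme"] == "https"
    @trust_proxy && env["HTTP_X_FORWARDED_PROTO"].to_s.split(",").first.to_s.strip == "https"
  end
end

# Constructed Rack env for a quick check without a web server.
def sample_env(overrides = {})
  { "REQUEST_METHOD" => "GET", "rack.url_scheme" => "http", "HTTP_HOST" => "www.example-app.com",
    "PATH_INFO" => "/account/signup", "QUERY_STRING" => "plan=pro" }.merge(overrides)
end

INNER_APP = ->(_env) { [200, { "content-type" => "text/plain" }, ["ok"]] }
```

Rails 3.1 and later also ship `config.force_ssl = true`, which installs a comparable redirect together with the HSTS header and secure cookies.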