Is there any way to have the plugin require SSL to be used for all
actions in a controller and just specify the ones you dont want to
require SSL using ssl_allowed?
class ApplicationController < ActiveRecord::Base
include SslRequirement
ssl_required *.*
Many thanks.
Also I could of course combine this with local.request? so that when
developing locally http is allowed, but when in production the
ssl_required kicks in.
--
Posted via http://www.ruby-forum.com/.
Here''s how I''m doing it:
before_filter :require_ssl, :except => [:some_action, :other_action]
def require_ssl
if !@request.ssl?
redirect_to :protocol => "https://"
end
end
On 3/30/06, Peter Piper <peter@nospam.org> wrote:> Is there any way to have the plugin require SSL to be used for all
> actions in a controller and just specify the ones you dont want to
> require SSL using ssl_allowed?
>
> class ApplicationController < ActiveRecord::Base
> include SslRequirement
> ssl_required *.*
>
>
> Many thanks.
>
>
> Also I could of course combine this with local.request? so that when
> developing locally http is allowed, but when in production the
> ssl_required kicks in.
>
> --
> Posted via http://www.ruby-forum.com/.
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
--
http://www.michaelgorsuch.org
You could also chain a statement for local requests - something like: if !@requst.ssl? and !@requiest.local ... On 3/30/06, Michael Gorsuch <michael.gorsuch@gmail.com> wrote:> Here''s how I''m doing it: > > before_filter :require_ssl, :except => [:some_action, :other_action] > > def require_ssl > if !@request.ssl? > redirect_to :protocol => "https://" > end > end > > On 3/30/06, Peter Piper <peter@nospam.org> wrote: > > Is there any way to have the plugin require SSL to be used for all > > actions in a controller and just specify the ones you dont want to > > require SSL using ssl_allowed? > > > > class ApplicationController < ActiveRecord::Base > > include SslRequirement > > ssl_required *.* > > > > > > Many thanks. > > > > > > Also I could of course combine this with local.request? so that when > > developing locally http is allowed, but when in production the > > ssl_required kicks in. > > > > -- > > Posted via http://www.ruby-forum.com/. > > _______________________________________________ > > Rails mailing list > > Rails@lists.rubyonrails.org > > http://lists.rubyonrails.org/mailman/listinfo/rails > > > > > -- > http://www.michaelgorsuch.org >-- http://www.michaelgorsuch.org
Thanks Michael, Are you not using the SSL_require plugin then, just doing your own version, looks pretty stright forward! -- Posted via http://www.ruby-forum.com/.
I have similar:
# Adds a filter that requires ssl.
def self.require_ssl(options={})
before_filter :require_ssl, options
end
def require_ssl
if ENV[''RAILS_SSL''] == ''on''
request.env[''HTTPS''] = ''on''
raise SSLRequiredError if !request.ssl?
end
end
Then in controllers:
require_ssl :only => ''login''
etc..
This way I can set an environment variable to turn it on or off and
rather than redirecting it actually raises an exception. Just a
variation....
On 3/31/06, Peter <P@no.com> wrote:> Thanks Michael, Are you not using the SSL_require plugin then, just
> doing your own version, looks pretty stright forward!
>
>
> --
> Posted via http://www.ruby-forum.com/.
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
--
Dan Webb
http://www.danwebb.net