Hi: I don''t have access to change the apache configuration on my hosted server account (ie, install and use mod_header to do this as documented elsewhere). My entire site needs to be under ssl, so I want anyone coming to http://www.site.com/whatever/blah to route or redirect to https://www.site.com/whatever/blah. I added the following to my application controller: before_filter :set_ssl def set_ssl request.env["HTTPS"] = "on" end My default route goes to :controller => ''website''. This code in the application controller has the intended effect when I navigate to http://www.site.com - that is, I end up at https://www.site.com/website/index. However, when I navigate to http://www.site.com/website/index, it doesn''t redirect to the https protocol - I end up at http://www.site.com/website/index. Can anyone help me out and explain why the code I put in fires for the root of the site but not for a more specific url? Or.... anyone have other ideas or solutions that are accomplished via code completely within my rails application? Is there a way to do this with routes? Thanks. c. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Cayce Balara wrote:> Hi: > > I don''t have access to change the apache configuration on my hosted > server account (ie, install and use mod_header to do this as documented > elsewhere). My entire site needs to be under ssl, so I want anyone > coming to http://www.site.com/whatever/blah to route or redirect to > https://www.site.com/whatever/blah. > > I added the following to my application controller: > > before_filter :set_ssl > def set_ssl > request.env["HTTPS"] = "on" > end > > My default route goes to :controller => ''website''. > > This code in the application controller has the intended effect when I > navigate to http://www.site.com - that is, I end up at > https://www.site.com/website/index. > > However, when I navigate to http://www.site.com/website/index, it > doesn''t redirect to the https protocol - I end up at > http://www.site.com/website/index. > > Can anyone help me out and explain why the code I put in fires for the > root of the site but not for a more specific url? Or.... anyone have > other ideas or solutions that are accomplished via code completely > within my rails application? Is there a way to do this with routes? > > Thanks. > c.You would be better of just redirecting, rather than just changing the env variables on the server as HTTPS setup requires the browser and server negotiation. application_controller.rb before_filter :redirect_to_ssl def redirect_to_ssl redirect_to :protocol => "https://" unless (@request.ssl? or local_request?) end (after http://www.busyashell.com/blog/articles/2006/10/20/how-to-force-https-without-a-host-in-rails) -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
> > You would be better of just redirecting, rather than just changing the > env variables on the server as HTTPS setup requires the browser and > server negotiation. > > application_controller.rb > > before_filter :redirect_to_ssl > def redirect_to_ssl > redirect_to :protocol => "https://" unless (@request.ssl? or > local_request?) > end > > (after > http://www.busyashell.com/blog/articles/2006/10/20/how-to-force-https-without-a-host-in-rails)I appreciate the idea and the link. However, that puts my site in a loop that fails after a second or two with a "The page isn''t redirection properly" error. FYI I''m using login_engine and user_engine on this site, not sure if that affects anything, but there are a couple of other before_filters relating to authorizing the action and logging in via cookie. Any ideas? tks. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Cayce Balara wrote:> I appreciate the idea and the link. However, that puts my site in a loop > that fails after a second or two with a "The page isn''t redirection > properly" error. FYI I''m using login_engine and user_engine on this > site, not sure if that affects anything, but there are a couple of other > before_filters relating to authorizing the action and logging in via > cookie. > > Any ideas? > > tks.Hmmm. Sounds like it''s doing too many redirects. Does the page your visiting require login to access? I am not familiar with engines (yet), so can''t help there... -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
If you''re on shared hosting, it may be difficult to add the https, since by nature https encrypts at the server/port level. see: http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts2 on why it''s impossible to do use Name-Based Virtual Hosting to identify different SSL virtual hosts. unless you''re the only one on that box or have a separate IP and the host isn''t currently using port 443.... -- Charles Brian Quinn self-promotion: www.seebq.com highgroove studios: www.highgroove.com slingshot hosting: www.slingshothosting.com 678.389.9462 Ruby on Rails Bootcamp at the Big Nerd Ranch Intensive Ruby on Rails Training: http://www.bignerdranch.com/classes/ruby.shtml On 1/11/07, Andrew Skegg <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> > Cayce Balara wrote: > > I appreciate the idea and the link. However, that puts my site in a loop > > that fails after a second or two with a "The page isn''t redirection > > properly" error. FYI I''m using login_engine and user_engine on this > > site, not sure if that affects anything, but there are a couple of other > > before_filters relating to authorizing the action and logging in via > > cookie. > > > > Any ideas? > > > > tks. > > Hmmm. > > Sounds like it''s doing too many redirects. Does the page your visiting > require login to access? > > I am not familiar with engines (yet), so can''t help there... > > -- > Posted via http://www.ruby-forum.com/. > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Andrew Skegg wrote:> Cayce Balara wrote: >> I appreciate the idea and the link. However, that puts my site in a loop >> that fails after a second or two with a "The page isn''t redirection >> properly" error. FYI I''m using login_engine and user_engine on this >> site, not sure if that affects anything, but there are a couple of other >> before_filters relating to authorizing the action and logging in via >> cookie. >> >> Any ideas? >> >> tks. > > Hmmm. > > Sounds like it''s doing too many redirects. Does the page your visiting > require login to access? > > I am not familiar with engines (yet), so can''t help there...That page, no - other pages on the site yes. In any case - I have something to research - I appreciate you getting me headed in a better direction. c. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Charles Brian Quinn wrote:> If you''re on shared hosting, it may be difficult to add the https, > since by nature https encrypts at the server/port level. >Understood, as such this host requires a dedicated IP when you get your SSL certificate. Update - per my host tech support, the reason this is happening is that Apache proxies all requests - http:// and https:// - to Mongrel using http:// protocol. So - Mongrel and subsequently rails has no idea which session is SSL unless you use a header rewrite to add a flag for rails to know it''s ssl (this is the solution documented elsewhere on the web). Thanks for assistance, all. c. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---