Rails - Mar 2007 - ssl_requirement redirecting to http from an https screen

I installed the ssl_requirement plugin & got it working w/my server
(lighty scgi) without too much difficulty.

I have some pages that require ssl (login for example) and some pages
that do not.  My problem is that once the site''s been redirected to an
ssl_required action, I don''t seem to be able to redirect back to a
non-ssl required page.

From some of the searching I''ve done on Google, it seems that the
expectation is that once you''ve switched over to an ssl page,
you''re not
supposed to go back.  I think this is a major hassle as it means that I
have to mark every action in my controllers w/the ssl_allowed parameter
and I have a lot of them.

Is there someone out there who knows how to make this work?

Thx
Noah

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On Mar 29, 2007, at 7:24 PM, Noah wrote:
> I installed the ssl_requirement plugin & got it working w/my server
> (lighty scgi) without too much difficulty.
>
> I have some pages that require ssl (login for example) and some pages
> that do not.  My problem is that once the site''s been redirected
to an
> ssl_required action, I don''t seem to be able to redirect back to a
> non-ssl required page.
>
> From some of the searching I''ve done on Google, it seems that the
> expectation is that once you''ve switched over to an ssl page,  
> you''re not
> supposed to go back.  I think this is a major hassle as it means  
> that I
> have to mark every action in my controllers w/the ssl_allowed  
> parameter
> and I have a lot of them.
>
> Is there someone out there who knows how to make this work?
If you meant that you want some actions to only be accessed over  
http, you might want to do something like the following:

class MyController < ApplicationController
   before_filter :redirect_to_http, :except => :my_ssl_action

   def redirect_to_http
     redirect_to :protocol => "http://" and return false if  
@request.ssl?
   end

end


James.

-- 
James Stewart
Play: http://james.anthropiccollective.org
Work: http://jystewart.net/process/




--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Thanks for the reply James, but the ssl_requirement already contains 
this.

def ensure_proper_protocol
  return true if ssl_allowed?
  if ssl_required? && !request.ssl?
     redirect_to "https://" + request.host + request.request_uri
     return false
  elsif request.ssl? && !ssl_required?
     redirect_to "http://" + request.host + request.request_uri
     return false
  end
end

I put some debug statments in the code and got this in my log:
ssl_required? && !ssl_required? evaluated to true => /login/signin
Redirected to http://localhost/login/signin

So Rails seems to be intercepting it properly, the problem is that in my 
browser, the url is this: https://localhost/login/signin

Somehow, (in Lighty maybe?) it never gets changed.

But thanks for the suggestion.

Noah


James Stewart wrote:
> On Mar 29, 2007, at 7:24 PM, Noah wrote:
>> you''re not
>> supposed to go back.  I think this is a major hassle as it means  
>> that I
>> have to mark every action in my controllers w/the ssl_allowed  
>> parameter
>> and I have a lot of them.
>>
>> Is there someone out there who knows how to make this work?
> 
> If you meant that you want some actions to only be accessed over
> http, you might want to do something like the following:
> 
> class MyController < ApplicationController
>    before_filter :redirect_to_http, :except => :my_ssl_action
> 
>    def redirect_to_http
>      redirect_to :protocol => "http://" and return false if
> @request.ssl?
>    end
> 
> end
> 
> 
> James.
> 
> --
> James Stewart
> Play: http://james.anthropiccollective.org
> Work: http://jystewart.net/process/

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---