Yello,
When people login to my site, they are redirected to
https://mysite.org/their_account That part is working fine for me.
The problem comes when I use form_tags. After they click the submit
button, the next page they land on is http
My question is, how can I keep them on https, even after they fill out a
form and hit submit?
My form tag seems to be producing the right HTML, but it still doesn''t
keep them in https
<%= form_tag( {:protocol => ''https://'', :only_path =>
false, :action =>
:pre_checkout }, {:class => ''form-large''}) %>
Any ideas on this?
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
I had roughly the same problem and in my case it was because the
proper headers weren''t being set. Rails uses certain headers to
determine if the current request is using SSL and thus if it should
use https:// when generating URLs with url_for(). I had to add the
following line to my Apache configuration for the secure virtualhost
to get it to work:
RequestHeader set X_FORWARDED_PROTO ''https''
A quick glance at the ActionController source reveals this method:
# Is this an SSL request?
def ssl?
@env[''HTTPS''] == ''on'' ||
@env[''HTTP_X_FORWARDED_PROTO''] =''https''
end
I''m not sure why I didn''t need to append "HTTP_" to
the request header
name, but it works (probably because somewhere along the line it gets
appended automatically.)
Try setting any of these headers in your web server''s configuration.
Best of luck.
Ian
On Nov 20, 11:54 am, Joe Peck
<rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>
wrote:> Yello,
> When people login to my site, they are redirected
tohttps://mysite.org/their_account That part is working fine for me.
>
> The problem comes when I use form_tags. After they click the submit
> button, the next page they land on is http
>
> My question is, how can I keep them on https, even after they fill out a
> form and hit submit?
>
> My form tag seems to be producing the right HTML, but it still
doesn''t
> keep them in https
> <%= form_tag( {:protocol => ''https://'', :only_path
=> false, :action =>
> :pre_checkout }, {:class => ''form-large''}) %>
>
> Any ideas on this?
> --
> Posted viahttp://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
If you use the ssl_requirement plugin, then you can just declare the action to which your form is submitting as requiring ssl in the controller, and you don''t need the protocol specification in the form_tag. Michael Slater www.BuildingWebApps.com On Nov 21, 1:48 pm, Ian Lesperance <ian.lespera...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> I had roughly the same problem and in my case it was because the > proper headers weren''t being set. Rails uses certain headers to > determine if the current request is using SSL and thus if it should > use https:// when generating URLs with url_for(). I had to add the > following line to my Apache configuration for the secure virtualhost > to get it to work: > > RequestHeader set X_FORWARDED_PROTO ''https'' > > A quick glance at the ActionController source reveals this method: > > # Is this an SSL request? > def ssl? > @env[''HTTPS''] == ''on'' || @env[''HTTP_X_FORWARDED_PROTO''] => ''https'' > end > > I''m not sure why I didn''t need to append "HTTP_" to the request header > name, but it works (probably because somewhere along the line it gets > appended automatically.) > > Try setting any of these headers in your web server''s configuration. > > Best of luck. > > Ian > > On Nov 20, 11:54 am, Joe Peck <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> > wrote: > > > Yello, > > When people login to my site, they are redirected tohttps://mysite.org/their_account That part is working fine for me. > > > The problem comes when I use form_tags. After they click the submit > > button, the next page they land on is http > > > My question is, how can I keep them on https, even after they fill out a > > form and hit submit? > > > My form tag seems to be producing the right HTML, but it still doesn''t > > keep them in https > > <%= form_tag( {:protocol => ''https://'', :only_path => false, :action => > > :pre_checkout }, {:class => ''form-large''}) %> > > > Any ideas on this? > > -- > > Posted viahttp://www.ruby-forum.com/.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
The real problem is that his application isn''t recognizing that it''s currently being accessed via SSL, so all the URLs are being generated with http:// instead of https://. If he used the ssl_requirement plug- in without addressing the matter of the environment variable, that plug-in would cause an infinite loop of redirects, as it would continuously think it wasn''t being access via SSL even though it was. On Nov 27, 12:41 pm, Michael Slater <m...-04BUtanlfE1BDgjK7y7TUQ@public.gmane.org> wrote:> If you use the ssl_requirement plugin, then you can just declare the > action to which your form is submitting as requiring ssl in the > controller, and you don''t need the protocol specification in the > form_tag. > > Michael Slaterwww.BuildingWebApps.com > > On Nov 21, 1:48 pm, Ian Lesperance <ian.lespera...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > > I had roughly the same problem and in my case it was because the > > proper headers weren''t being set. Rails uses certain headers to > > determine if the current request is using SSL and thus if it should > > use https:// when generating URLs with url_for(). I had to add the > > following line to my Apache configuration for the secure virtualhost > > to get it to work: > > > RequestHeader set X_FORWARDED_PROTO ''https'' > > > A quick glance at the ActionController source reveals this method: > > > # Is this an SSL request? > > def ssl? > > @env[''HTTPS''] == ''on'' || @env[''HTTP_X_FORWARDED_PROTO''] => > ''https'' > > end > > > I''m not sure why I didn''t need to append "HTTP_" to the request header > > name, but it works (probably because somewhere along the line it gets > > appended automatically.) > > > Try setting any of these headers in your web server''s configuration. > > > Best of luck. > > > Ian > > > On Nov 20, 11:54 am, Joe Peck <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> > > wrote: > > > > Yello, > > > When people login to my site, they are redirected tohttps://mysite.org/their_account That part is working fine for me. > > > > The problem comes when I use form_tags. After they click the submit > > > button, the next page they land on is http > > > > My question is, how can I keep them on https, even after they fill out a > > > form and hit submit? > > > > My form tag seems to be producing the right HTML, but it still doesn''t > > > keep them in https > > > <%= form_tag( {:protocol => ''https://'', :only_path => false, :action => > > > :pre_checkout }, {:class => ''form-large''}) %> > > > > Any ideas on this? > > > -- > > > Posted viahttp://www.ruby-forum.com/.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---