Hello everybody, i''m using ruby 1.8.6 and rails 1.1.6 for my web app. My app is accessible both in http and https but i would like to enforce https only even when the user try to access using http only. I tried a lot of solutions posted over the web but none worked for my rails version (which is very old, I know) What could I do in order to achieve it? Is there any effective solution that can be used with my rails version? Thanks in advance for the help. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/gIjlx6E8d3wJ. For more options, visit https://groups.google.com/groups/opt_out.
I haven''t tried this, but seems good http://www.simonecarletti.com/blog/2011/05/configuring-rails-3-https-ssl/ http://collectiveidea.com/blog/archives/2010/11/29/ssl-with-rails/ On Wed, Apr 17, 2013 at 8:59 PM, Gianpiero Venditti < gianpiero.venditti-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Hello everybody, i''m using ruby 1.8.6 and rails 1.1.6 for my web app. > > My app is accessible both in http and https but i would like to enforce > https only even when the user try to access using http only. > > I tried a lot of solutions posted over the web but none worked for my > rails version (which is very old, I know) > > What could I do in order to achieve it? Is there any effective solution > that can be used with my rails version? > > > Thanks in advance for the help. > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To view this discussion on the web visit > https://groups.google.com/d/msg/rubyonrails-talk/-/gIjlx6E8d3wJ. > For more options, visit https://groups.google.com/groups/opt_out. > > >-- Thanks & Regards, Nilesh B. Panchal Mobile No. : +91-9664212069 E-mail : neil08.panchal-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
On Wednesday, April 17, 2013 4:29:43 PM UTC+1, Gianpiero Venditti wrote:> > Hello everybody, i''m using ruby 1.8.6 and rails 1.1.6 for my web app. > > My app is accessible both in http and https but i would like to enforce > https only even when the user try to access using http only. > > I tried a lot of solutions posted over the web but none worked for my > rails version (which is very old, I know) > > What could I do in order to achieve it? Is there any effective solution > that can be used with my rails version? > > Old school! Assuming you''ve got apache in front of your app, have youtried adding a rewrite rule to redirect all http requests to the https versions ? Fred -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/59XB--bAD0QJ. For more options, visit https://groups.google.com/groups/opt_out.
On a recent project, I handled this through a before_filter as I wanted
unauthenticated pages to handle http and authenticated pages to always
redirect to https. My ApplicationController looked something like the
below. Note: I had to write my own authentication routines rather than use
something like Devise as these were the early days of MongoDB support.
class ApplicationController < ActionController::Base
protect_from_forgery
layout ''application''
before_filter :login_required
def login_required
unless current_user
return if require_ssl
end
end
def ssl_required?
return @ssl_required unless @ssl_required.nil?
@ssl_required = %w(production qa staging).include?(Rails.env)
end
def require_ssl
if ssl_required?
redirect_url = request.url.gsub(/^http:/, ''https:'')
if request.url != redirect_url
redirect_to redirect_url, status: 301
true
end
end
end
end
Scott
On Wednesday, April 17, 2013 4:57:18 PM UTC-4, Frederick Cheung
wrote:>
>
>
> On Wednesday, April 17, 2013 4:29:43 PM UTC+1, Gianpiero Venditti wrote:
>>
>> Hello everybody, i''m using ruby 1.8.6 and rails 1.1.6 for my
web app.
>>
>> My app is accessible both in http and https but i would like to enforce
>> https only even when the user try to access using http only.
>>
>> I tried a lot of solutions posted over the web but none worked for my
>> rails version (which is very old, I know)
>>
>> What could I do in order to achieve it? Is there any effective solution
>> that can be used with my rails version?
>>
>> Old school! Assuming you''ve got apache in front of your app,
have you
> tried adding a rewrite rule to redirect all http requests to the https
> versions ?
>
> Fred
>
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To view this discussion on the web visit
https://groups.google.com/d/msg/rubyonrails-talk/-/af3jxXAtDhkJ.
For more options, visit https://groups.google.com/groups/opt_out.
On Wednesday, 17 April 2013 11:29:43 UTC-4, Gianpiero Venditti wrote:> > Hello everybody, i''m using ruby 1.8.6 and rails 1.1.6 for my web app. > >Any particular reason you''re using a 7-year-old version of Rails? You''d be *seriously* helped by upgrading to something more modern.> My app is accessible both in http and https but i would like to enforce > https only even when the user try to access using http only. > > I tried a lot of solutions posted over the web but none worked for my > rails version (which is very old, I know) > > What could I do in order to achieve it? Is there any effective solution > that can be used with my rails version? > >The old ssl_requirement gem is roughly of the same vintage, so it might do what you want: https://github.com/rails/ssl_requirement But seriously, you''re going to spend more time struggling with 1.1.6 than you''ll save by not rewriting for a more modern version. For instance, a lot of the blog posts that were helpful back then aren''t even around anymore, as people move blog hosts + lose content. --Matt Jones -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/FzscWPAUOoMJ. For more options, visit https://groups.google.com/groups/opt_out.