On Friday, 9 August 2013 15:15:16 UTC-4, stantona wrote:>
> I notice there''s the protocol option you can pass to route helpers
to
> ensure that you can use https.
>
> I''m just wondering if there''s a setting that can be
applied globally so
> that I don''t have to do this with each individual call.
>
> Thanks.
>
Couple options on this:
* use default_url_options - add this in an initializer:
Rails.application.routes.default_url_options[:protocol]=
''https''
* (better) use the force_ssl config option in, say,
config/environments/production.rb:
config.force_ssl = true
The second form will also do a couple things:
* makes URL helpers return HTTPS URLs
* makes session cookies secure (only sent over HTTPS)
* automatically redirects visitors on HTTP to HTTPS
* sends HSTS headers
(http://en.wikipedia.org/wiki/Strict_Transport_Security )
Probably better to use "config.force_ssl" unless you don''t
need / can''t use
some of the extra things it does.
--Matt Jones
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To view this discussion on the web visit
https://groups.google.com/d/msgid/rubyonrails-talk/fe30fe13-e2d6-4d09-ac17-748f09dfbe9b%40googlegroups.com?hl=en-US.
For more options, visit https://groups.google.com/groups/opt_out.