[ANN] Secure Actions Plugin

Hi all,

This plugin lets you specify which actions must be run under ssl
(https). If a declared action is run without ssl, the user is redirect
to https. Also, once you declare an action to “require_ssl”, any links
to that action are going to be https:// links.


Hopefully you all will find this useful.


Looks good, thanks. I’ll give this a try.

Question: How is this different from the ssl_requirement plugin from
DHH? Is it based off it? How have you improved/modified it?

Thanks Marson,

The one main thing that this plugin adds to DHH’s ssl_requirement
plugin is the automatic https:// links to secure actions when using
link_to, etc.

The idea was really this: Redirecting a user to a secure version of
the site if that action is declared “secure” is an ok solution, but it
is really a failsace. If you are posting to an action with your login/
password and you post it to http://, then being redirected to https://
is kind of meaningless since your credentials were transmitted in the
clear once.

With this plugin, you can declare your secure actions in one place,
and are assured that any forms, links, etc to those actions are going
to be https://

Hope this helps

On Jan 29, 3:40 am, “[email protected][email protected]