Hello everybody, i’m using ruby 1.8.6 and rails 1.1.6 for my web app.
My app is accessible both in http and https but i would like to enforce
https only even when the user try to access using http only.
I tried a lot of solutions posted over the web but none worked for my
rails
version (which is very old, I know)
What could I do in order to achieve it? Is there any effective solution
that can be used with my rails version?
Thanks in advance for the help.
I haven’t tried this, but seems good
On Wed, Apr 17, 2013 at 8:59 PM, Gianpiero Venditti <
[email protected]> wrote:
https://groups.google.com/d/msg/rubyonrails-talk/-/gIjlx6E8d3wJ.
For more options, visit https://groups.google.com/groups/opt_out.
–
Thanks & Regards,
Nilesh B. Panchal
Mobile No. : +91-9664212069
E-mail : [email protected]
On Wednesday, April 17, 2013 4:29:43 PM UTC+1, Gianpiero Venditti wrote:
that can be used with my rails version?
Old school! Assuming you’ve got apache in front of your app, have you
tried adding a rewrite rule to redirect all http requests to the https
versions ?
Fred
On a recent project, I handled this through a before_filter as I wanted
unauthenticated pages to handle http and authenticated pages to always
redirect to https. My ApplicationController looked something like the
below. Note: I had to write my own authentication routines rather than
use
something like Devise as these were the early days of MongoDB support.
class ApplicationController < ActionController::Base
protect_from_forgery
layout ‘application’
before_filter :login_required
def login_required
unless current_user
return if require_ssl
end
end
def ssl_required?
return @ssl_required unless @ssl_required.nil?
@ssl_required = %w(production qa staging).include?(Rails.env)
end
def require_ssl
if ssl_required?
redirect_url = request.url.gsub(/^http:/, ‘https:’)
if request.url != redirect_url
redirect_to redirect_url, status: 301
true
end
end
end
end
Scott
On Wednesday, 17 April 2013 11:29:43 UTC-4, Gianpiero Venditti wrote:
Hello everybody, i’m using ruby 1.8.6 and rails 1.1.6 for my web app.
Any particular reason you’re using a 7-year-old version of Rails? You’d
be
seriously helped by upgrading to something more modern.
My app is accessible both in http and https but i would like to enforce
https only even when the user try to access using http only.
I tried a lot of solutions posted over the web but none worked for my
rails version (which is very old, I know)
What could I do in order to achieve it? Is there any effective solution
that can be used with my rails version?
The old ssl_requirement gem is roughly of the same vintage, so it might
do
what you want:
But seriously, you’re going to spend more time struggling with 1.1.6
than
you’ll save by not rewriting for a more modern version. For instance, a
lot
of the blog posts that were helpful back then aren’t even around
anymore,
as people move blog hosts + lose content.
–Matt J.