Hi,
I’ve been using the ssl_requirement plugin as it made the most sense
to me from an architecture standpoint, where the controller that is
doing the resource accessing declares where SSL is required or
allowed. This works great in terms of ensure the ~final~ protocol is
correct for that controller, but it doesn’t tie into any of the URL
helpers, so the original link is often to the wrong protocol and then
there’s a redirect.
A good example of this is a link on the home page (non-SSL) to the
signup page (SSL). If you just did a link_to new_users_path then it
would point to the non-SSL one; when clicked the users controller
would see that it wasn’t SSL protocol and redirect. While this
functionally works it seems like a waste to make two server requests.
For the most common ones, such as the example, I’ve solved/hacked this
by adding in :requirements =>{:protocol => ROUTES_SSL_PROTOCOL} to the
route definition (rails 2.3.x style, ROUTES_SSL_PROTOCOL is set above
so that I can easily turn it on/off for the development box). This
works but it means to have all the right routes set I’d need to
manually keep both that file and the ssl_ directives in the controller
in sync. Being lazy and forgetful and liking things to be DRY, I’d
prefer to just write it in one location (either would be fine really)
and then have the other part figure it out.
I believe that doing this would not be too hard (I think it will boil
down to alias chaining ActionController#url_for to read the info that
ssl_required puts in there) but before I embarked down that road I
wanted to see if there was an existing solution that solved this
problem already? I poked around some and couldn’t seem to find
anything, but it also seemed odd that I’m the only person that would
be a sad panda from this.
Thanks,
\Peter