Https going back to http after forms -- why?

Yello,
When people log in to my site, they are redirected to
https://mysite.org/their_account. That part is working fine for me.

The problem comes when I use form_tags. After they click the submit
button, the next page they land on is http.

My question is, how can I keep them on https, even after they fill out a
form and hit submit?

My form tag seems to be producing the right HTML, but it still doesn’t
keep them in https:
<%= form_tag( {:protocol => 'https://', :only_path => false, :action =>
:pre_checkout }, {:class => 'form-large'}) %>

Any ideas on this?

I had roughly the same problem and in my case it was because the
proper headers weren’t being set. Rails uses certain headers to
determine if the current request is using SSL and thus if it should
use https:// when generating URLs with url_for(). I had to add the
following line to my Apache configuration for the secure virtualhost
to get it to work:

RequestHeader set X_FORWARDED_PROTO 'https'

A quick glance at the ActionController source reveals this method:

# Is this an SSL request?
def ssl?
  @env['HTTPS'] == 'on' || @env['HTTP_X_FORWARDED_PROTO'] == 'https'
end

I’m not sure why I didn’t need to append “HTTP_” to the request header
name, but it works (probably because somewhere along the line it gets
appended automatically.)

Try setting any of these headers in your web server’s configuration.

Best of luck.

Ian

On Nov 20, 11:54 am, Joe P.

If you use the ssl_requirement plugin, then you can just declare the
action to which your form is submitting as requiring ssl in the
controller, and you don’t need the protocol specification in the
form_tag.

Michael S.
www.BuildingWebApps.com

The real problem is that his application isn’t recognizing that it’s
currently being accessed via SSL, so all the URLs are being generated
with http:// instead of https://. If he used the ssl_requirement plug-
in without addressing the matter of the environment variable, that
plug-in would cause an infinite loop of redirects, as it would
continuously think it wasn’t being accessed via SSL even though it was.
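
Added example (not part of any post in this thread, and not Rails or ssl_requirement source): a small Ruby model of the header-to-env mapping Ian wondered about and of the redirect loop described in the last reply. The helper names, the redirect model and the sample environments are assumptions made for illustration.

```ruby
# Added illustration; not Rails or ssl_requirement source code.

# CGI/Rack convention: a request header "Name-Part" reaches the app as
# env["HTTP_NAME_PART"] (upcased, "-" becomes "_", "HTTP_" prefixed).
def rack_env_key(header_name)
  "HTTP_" + header_name.upcase.tr("-", "_")
end

# Build the env a Rails app would see from constructed sample headers.
def build_env(headers)
  headers.each_with_object({}) { |(name, value), env| env[rack_env_key(name)] = value }
end

# Same test as the ssl? method quoted in the thread.
def ssl?(env)
  env["HTTPS"] == "on" || env["HTTP_X_FORWARDED_PROTO"] == "https"
end

# Protocol a URL helper would pick for generated links and form actions.
def generated_url(env, host, path)
  "#{ssl?(env) ? 'https' : 'http'}://#{host}#{path}"
end

# Hypothetical model of an "SSL required" filter: keep redirecting to https
# until the app believes the request is secure. Returns the redirect count,
# or :loop if it never settles.
def redirects_until_secure(env_for_https_request, max_hops = 10)
  hops = 0
  env = {}                      # first request arrives over plain http
  until ssl?(env)
    return :loop if hops >= max_hops
    hops += 1
    env = env_for_https_request # browser follows the redirect to https://
  end
  hops
end

# Constructed sample: TLS terminated by a front-end that forwards nothing.
NO_HEADER   = build_env({})
# Constructed sample: front-end sets the header as in the thread's Apache line.
WITH_HEADER = build_env("X_FORWARDED_PROTO" => "https")

if __FILE__ == $PROGRAM_NAME
  puts generated_url(NO_HEADER, "mysite.org", "/pre_checkout")
  puts generated_url(WITH_HEADER, "mysite.org", "/pre_checkout")
  puts redirects_until_secure(NO_HEADER).inspect
  puts redirects_until_secure(WITH_HEADER).inspect
end
```

Because ssl? trusts the header value as received, the application server should only be reachable through the front-end that sets it. Apache's `RequestHeader set` replaces any header of that name sent by the client, so the value the app sees is the front-end's.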