Secure Subdomain

I have a rails 3.1 app running on Heroku and am about to add user
authentication.
I have also attached a ssl cert and plan on using secure.mydomain.com
for registration and sign in.

I know that I can force a model to use ssl easily in 3.1.

But how to I make sure that the generated route paths for the user
default to the secure Subdomain?
Example: if a user clicks sign up or sign in he is sent to
https://secure.mydomain.com

If it matters, I’m planning on using devise, but I’m fine with rolling
my own if need be.

Hesham Amiri wrote in post #1023058:

I have a rails 3.1 app running on Heroku and am about to add user
authentication.
I have also attached a ssl cert and plan on using secure.mydomain.com
for registration and sign in.

I know that I can force a model to use ssl easily in 3.1.

But how to I make sure that the generated route paths for the user
default to the secure Subdomain?
Example: if a user clicks sign up or sign in he is sent to
https://secure.mydomain.com

If it matters, I’m planning on using devise, but I’m fine with rolling
my own if need be.

What is the benefit of using a subdomain for SSL? Why not keep your life
simple and put the SSL cert on mydomain.com or use a wildcard cert on
*.mydomain.com? SSL run through a different port anyway so why the need
for a separate subdomain?

As for handling routing to subdomains, this might help:

http://guides.rubyonrails.org/routing.html#request-based-constraints

P.S. I’m not trying to be difficult, I really would like to know the
benefit gained by using a subdomain.

From what I understand from the docs on Heroku, I will have to specify
a secure subdomain even though I have a wildcard certificate.

On Thu, Sep 22, 2011 at 2:35 AM, Hesham [email protected] wrote:

From what I understand from the docs on Heroku, I will have to specify
a secure subdomain even though I have a wildcard certificate.

Can you provide a pointer to that doc? I have an app on Heroku using
SSL without any subdomain.


Hassan S. ------------------------ [email protected]
http://about.me/hassanschroeder
twitter: @hassan