Ssl_required being ignored?

Big_Dave_S · December 5, 2007, 12:25am

Hi everyone! I want to require SSL for a single action in one of my
controllers (for logging in, and sending a password).

Working off of the skateboard book, I have added:
include SslRequirement
to my application controller, and then in the login controller, I have
added the line:
ssl_required :login

This does not give me any errors, but it does not redirect me to https
either. It simply acts like it did before I added those two lines.
What have I missed?

I believe ssl is working on my server, as I can actually change any
address in my app to https instead of http, and it works fine, but it
seems to be ignoring the ssl_required line. Here is a taste of what
I’ve got:

class LoginController < ApplicationController
ssl_required :login
before_filter :authorize, :except => [:login, :index]
layout ‘public’

def login
…
end

…
end

Any help would be greatly appreciated. Hopefully I’ve just missed
something simple, but as I said, I’m using the example posed in the
skateboard book, and it seems to be just that simple. Thank you!

Big_Dave_S · December 6, 2007, 7:30am

Hi,

On Dec 4, 2007 6:25 PM, Big Dave S. [email protected] wrote:

This does not give me any errors, but it does not redirect me to https
before_filter :authorize, :except => [:login, :index]
something simple, but as I said, I’m using the example posed in the
skateboard book, and it seems to be just that simple. Thank you!

You could try making all actions require ssl by adding the following to
your
application.rb

protected
def ssl_required?
true
end

I actually use the following in my code, so it does not require ssl when
I’m
in the development or test environment.

protected
def ssl_required?
ENV[“RAILS_ENV”] == “production”
end

HTH,
Michael G.