peterk
March 30, 2006, 5:47pm
1
Is there any way to have the plugin require SSL to be used for all
actions in a controller and just specify the ones you dont want to
require SSL using ssl_allowed?
class ApplicationController < ActiveRecord::Base
include SslRequirement
ssl_required .
Many thanks.
Also I could of course combine this with local.request? so that when
developing locally http is allowed, but when in production the
ssl_required kicks in.
peterk
March 30, 2006, 5:51pm
2
Here’s how I’m doing it:
before_filter :require_ssl, :except => [:some_action, :other_action]
def require_ssl
if !@request.ssl ?
redirect_to :protocol => “https://”
end
end
On 3/30/06, Peter P. [email protected] wrote:
http://lists.rubyonrails.org/mailman/listinfo/rails
–
http://www.michaelgorsuch.org
peterk
March 30, 2006, 5:54pm
3
You could also chain a statement for local requests - something like:
if !@requst.ssl ? and !@requiest.local
…
On 3/30/06, Michael G. [email protected] wrote:
On 3/30/06, Peter P. [email protected] wrote:
http://lists.rubyonrails.org/mailman/listinfo/rails
–
http://www.michaelgorsuch.org
–
http://www.michaelgorsuch.org
peterk
March 31, 2006, 11:58am
4
Thanks Michael, Are you not using the SSL_require plugin then, just
doing your own version, looks pretty stright forward!
peterk
March 31, 2006, 1:15pm
5
I have similar:
Adds a filter that requires ssl.
def self.require_ssl(options={})
before_filter :require_ssl, options
end
def require_ssl
if ENV[‘RAILS_SSL’] == ‘on’
request.env[‘HTTPS’] = ‘on’
raise SSLRequiredError if !request.ssl?
end
end
Then in controllers:
require_ssl :only => ‘login’
etc…
This way I can set an environment variable to turn it on or off and
rather than redirecting it actually raises an exception. Just a
variation…
On 3/31/06, Peter [email protected] wrote:
–
Dan W.
http://www.danwebb.net