Thanks for the reply James, but the ssl_requirement already contains
return true if ssl_allowed?
if ssl_required? && !request.ssl?
redirect_to “https://” + request.host + request.request_uri
elsif request.ssl? && !ssl_required?
redirect_to “http://” + request.host + request.request_uri
I put some debug statments in the code and got this in my log:
ssl_required? && !ssl_required? evaluated to true => /login/signin
Redirected to http://localhost/login/signin
So Rails seems to be intercepting it properly, the problem is that in my
browser, the url is this: https://localhost/login/signin
Somehow, (in Lighty maybe?) it never gets changed.
But thanks for the suggestion.
James S. wrote:
On Mar 29, 2007, at 7:24 PM, Noah wrote:
supposed to go back. I think this is a major hassle as it means
have to mark every action in my controllers w/the ssl_allowed
and I have a lot of them.
Is there someone out there who knows how to make this work?
If you meant that you want some actions to only be accessed over
http, you might want to do something like the following:
class MyController < ApplicationController
before_filter :redirect_to_http, :except => :my_ssl_action
redirect_to :protocol => “http://” and return false if