Hi:
I don’t have access to change the apache configuration on my hosted
server account (ie, install and use mod_header to do this as documented
elsewhere). My entire site needs to be under ssl, so I want anyone
coming to Custom Application Development Software for Business - Salesforce.com to route or redirect to
Custom Application Development Software for Business - Salesforce.com.
I added the following to my application controller:
before_filter :set_ssl
def set_ssl
request.env[“HTTPS”] = “on”
end
My default route goes to :controller => ‘website’.
This code in the application controller has the intended effect when I
navigate to http://www.site.com - that is, I end up at
Custom Application Development Software for Business - Salesforce.com.
However, when I navigate to Custom Application Development Software for Business - Salesforce.com, it
doesn’t redirect to the https protocol - I end up at
Custom Application Development Software for Business - Salesforce.com.
Can anyone help me out and explain why the code I put in fires for the
root of the site but not for a more specific url? Or… anyone have
other ideas or solutions that are accomplished via code completely
within my rails application? Is there a way to do this with routes?
Thanks.
c.
Cayce B. wrote:
Hi:
I don’t have access to change the apache configuration on my hosted
server account (ie, install and use mod_header to do this as documented
elsewhere). My entire site needs to be under ssl, so I want anyone
coming to Custom Application Development Software for Business - Salesforce.com to route or redirect to
Custom Application Development Software for Business - Salesforce.com.
I added the following to my application controller:
before_filter :set_ssl
def set_ssl
request.env[“HTTPS”] = “on”
end
My default route goes to :controller => ‘website’.
This code in the application controller has the intended effect when I
navigate to http://www.site.com - that is, I end up at
Custom Application Development Software for Business - Salesforce.com.
However, when I navigate to Custom Application Development Software for Business - Salesforce.com, it
doesn’t redirect to the https protocol - I end up at
Custom Application Development Software for Business - Salesforce.com.
Can anyone help me out and explain why the code I put in fires for the
root of the site but not for a more specific url? Or… anyone have
other ideas or solutions that are accomplished via code completely
within my rails application? Is there a way to do this with routes?
Thanks.
c.
You would be better of just redirecting, rather than just changing the
env variables on the server as HTTPS setup requires the browser and
server negotiation.
application_controller.rb
before_filter :redirect_to_ssl
def redirect_to_ssl
redirect_to :protocol => “https://” unless (@request.ssl? or
local_request?)
end
(after
http://www.busyashell.com/blog/articles/2006/10/20/how-to-force-https-without-a-host-in-rails)
You would be better of just redirecting, rather than just changing the
env variables on the server as HTTPS setup requires the browser and
server negotiation.
application_controller.rb
before_filter :redirect_to_ssl
def redirect_to_ssl
redirect_to :protocol => “https://” unless (@request.ssl? or
local_request?)
end
(after
http://www.busyashell.com/blog/articles/2006/10/20/how-to-force-https-without-a-host-in-rails)
I appreciate the idea and the link. However, that puts my site in a loop
that fails after a second or two with a “The page isn’t redirection
properly” error. FYI I’m using login_engine and user_engine on this
site, not sure if that affects anything, but there are a couple of other
before_filters relating to authorizing the action and logging in via
cookie.
Any ideas?
tks.
Andrew S. wrote:
Cayce B. wrote:
I appreciate the idea and the link. However, that puts my site in a loop
that fails after a second or two with a “The page isn’t redirection
properly” error. FYI I’m using login_engine and user_engine on this
site, not sure if that affects anything, but there are a couple of other
before_filters relating to authorizing the action and logging in via
cookie.
Any ideas?
tks.
Hmmm.
Sounds like it’s doing too many redirects. Does the page your visiting
require login to access?
I am not familiar with engines (yet), so can’t help there…
That page, no - other pages on the site yes. In any case - I have
something to research - I appreciate you getting me headed in a better
direction.
c.
Cayce B. wrote:
I appreciate the idea and the link. However, that puts my site in a loop
that fails after a second or two with a “The page isn’t redirection
properly” error. FYI I’m using login_engine and user_engine on this
site, not sure if that affects anything, but there are a couple of other
before_filters relating to authorizing the action and logging in via
cookie.
Any ideas?
tks.
Hmmm.
Sounds like it’s doing too many redirects. Does the page your visiting
require login to access?
I am not familiar with engines (yet), so can’t help there…
If you’re on shared hosting, it may be difficult to add the https,
since by nature https encrypts at the server/port level.
see: SSL/TLS Strong Encryption: FAQ - Apache HTTP Server
on why it’s impossible to do use Name-Based Virtual Hosting to
identify different SSL virtual hosts. unless you’re the only one on
that box or have a separate IP and the host isn’t currently using port
443…
–
Charles Brian Q.
self-promotion: www.seebq.com
highgroove studios: www.highgroove.com
slingshot hosting: www.slingshothosting.com
678.389.9462
Ruby on Rails Bootcamp at the Big Nerd Ranch
Intensive Ruby on Rails Training:
http://www.bignerdranch.com/classes/ruby.shtml
Charles Brian Q. wrote:
If you’re on shared hosting, it may be difficult to add the https,
since by nature https encrypts at the server/port level.
Understood, as such this host requires a dedicated IP when you get your
SSL certificate.
Update - per my host tech support, the reason this is happening is that
Apache proxies all requests - http:// and https:// - to Mongrel using
http:// protocol. So - Mongrel and subsequently rails has no idea which
session is SSL unless you use a header rewrite to add a flag for rails
to know it’s ssl (this is the solution documented elsewhere on the web).
Thanks for assistance, all.
c.