The visitor I was walking through the app with (over the phone) was
getting warnings as she advanced from page to page that she was “being
redirected to a non-secure page.” If she clicked OK, she was taken to
https:// the_next_page. This happened on every page within the app.
What could be causing this? The entire site is secured. All of the
pages advance via a button that’s a form_tag{:controller =>
‘some_controller’, :action => ‘some_action’} with nothing in the form
but the submit_tag. All the pages are being served from the app by
mongrel through Apache to the browser.
This is the only visitor that’s seen this behavior, but I assume that if
she saw it, others will too. She was accessing the site from her office
at Adobe, so I assume there’s some pretty heavy firewall stuff going on.
Could something on her end be causing this?
Looks like your “mainnav” links are hard-coded to http,
not https.
That was a good catch. I’d forgotten to change that. Unfortunately,
that
wasn’t it.
Are you using link_to everywhere?
No. The problem looks to be caused when I’m doing a redirect_to from
one
controller method to another. That generates a 302 header which IE 6 is
having a problem with.
Do you (or anyone reading this) know if the 302 header says anything
about
where the move is headed? Like maybe there’s a default setting that
says
“going to http://”+new_location that I could override and get to say
“going
to https://”+new_location ? Do routes maybe figure in this somehow?
Any
ideas are very, very welcome.
I’ve used this before to force everything to https:
In application.rb:
Force https usage for all links and redirects
Only do this in production-ish modes, though, because localhost
probably doesn’t have SSL enabled
if %w(production staging demo etc).include?(ENV[‘RAILS_ENV’])
def default_url_options(options)
{ :protocol => ‘https://’ }
end
end
As for the redirects, your log should have a line like this:
Redirected to http://127.0.0.1:3000/
Completed in 0.09400 (10 reqs/sec) | DB: 0.09400 (100%) | 302 Found
[http://127.0.0.7/etc/show]
That’d show you if you’re being redirected to https or not. I’d try
the first thing to see if it worked, though. If anyone else has a
reason not to do that, I’d like to hear it, too. It’s worked okay for
me for several months, though.