Forum: Ruby on Rails ssl_requirement redirecting to http from an https screen

Noah (Guest)
on 2007-03-30 01:24
I installed the ssl_requirement plugin & got it working w/my server
(lighty scgi) without too much difficulty.

I have some pages that require ssl (login for example) and some pages
that do not.  My problem is that once the site's been redirected to an
ssl_required action, I don't seem to be able to redirect back to a
non-ssl required page.

From some of the searching I've done on Google, it seems that the
expectation is that once you've switched over to an ssl page, you're not
supposed to go back.  I think this is a major hassle as it means that I
have to mark every action in my controllers w/the ssl_allowed parameter
and I have a lot of them.

Is there someone out there who knows how to make this work?

Thx
Noah
James Stewart (Guest)
on 2007-03-30 02:13
(Received via mailing list)
On Mar 29, 2007, at 7:24 PM, Noah wrote:
> you're not
> supposed to go back.  I think this is a major hassle as it means
> that I
> have to mark every action in my controllers w/the ssl_allowed
> parameter
> and I have a lot of them.
>
> Is there someone out there who knows how to make this work?

If you meant that you want some actions to only be accessed over
http, you might want to do something like the following:

class MyController < ApplicationController
   before_filter :redirect_to_http, :except => :my_ssl_action

   def redirect_to_http
     redirect_to :protocol => "http://" and return false if @request.ssl?
   end

end


James.

--
James Stewart
Play: http://james.anthropiccollective.org
Work: http://jystewart.net/process/
Noah Stern (nfstern)
on 2007-03-30 04:07
Thanks for the reply James, but the ssl_requirement already contains
this.

def ensure_proper_protocol
  return true if ssl_allowed?
  if ssl_required? && !request.ssl?
     redirect_to "https://" + request.host + request.request_uri
     return false
  elsif request.ssl? && !ssl_required?
     redirect_to "http://" + request.host + request.request_uri
     return false
  end
end

I put some debug statements in the code and got this in my log:
ssl_required? && !ssl_required? evaluated to true => /login/signin
Redirected to http://localhost/login/signin

So Rails seems to be intercepting it properly, the problem is that in my
browser, the url is this: https://localhost/login/signin

Somehow, (in Lighty maybe?) it never gets changed.

But thanks for the suggestion.

Noah


James Stewart wrote:
> On Mar 29, 2007, at 7:24 PM, Noah wrote:
>> you're not
>> supposed to go back.  I think this is a major hassle as it means
>> that I
>> have to mark every action in my controllers w/the ssl_allowed
>> parameter
>> and I have a lot of them.
>>
>> Is there someone out there who knows how to make this work?
>
> If you meant that you want some actions to only be accessed over
> http, you might want to do something like the following:
>
> class MyController < ApplicationController
>    before_filter :redirect_to_http, :except => :my_ssl_action
>
>    def redirect_to_http
>      redirect_to :protocol => "http://" and return false if
> @request.ssl?
>    end
>
> end
>
>
> James.
>
> --
> James Stewart
> Play: http://james.anthropiccollective.org
> Work: http://jystewart.net/process/
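
Added example (not part of the original thread, and not the plugin's own code): a stand-alone Ruby model of the ensure_proper_protocol decision order quoted above, extended to follow the resulting redirects the way a browser would and report the URL it ends on. The ACTIONS table, its paths other than /login/signin, and the follow helper are constructed for illustration.

```ruby
require "uri"

# Constructed per-action flags standing in for the controller's
# ssl_required / ssl_allowed declarations (assumed values).
ACTIONS = {
  "/login/signin" => { required: true,  allowed: false },
  "/catalog/list" => { required: false, allowed: false },
  "/help/about"   => { required: false, allowed: true  }
}.freeze

# Same decision order as the filter in the post. Returns nil when the
# request would be served as-is, otherwise the redirect target.
def ensure_proper_protocol(url)
  uri   = URI.parse(url)
  flags = ACTIONS.fetch(uri.path)
  ssl   = uri.scheme == "https"
  return nil if flags[:allowed]            # served on either protocol
  if flags[:required] && !ssl
    "https://" + uri.host + uri.path       # upgrade
  elsif ssl && !flags[:required]
    "http://" + uri.host + uri.path        # downgrade
  end
end

# Follow redirects until the filter lets the request through.
# Returns [final_url, hops]; raises if the chain exceeds the limit.
def follow(url, limit = 5)
  hops = []
  while (target = ensure_proper_protocol(url))
    raise "too many redirects at #{target}" if hops.size >= limit
    hops << target
    url = target
  end
  [url, hops]
end

if __FILE__ == $0
  %w[https http].product(ACTIONS.keys).each do |scheme, path|
    start = "#{scheme}://localhost#{path}"
    final, hops = follow(start)
    puts "#{start} -> #{final} (#{hops.size} redirect(s))"
  end
end
```

Under this decision order, an action that is neither ssl_required nor ssl_allowed is sent back to http, while any request for http://localhost/login/signin is redirected to https because that action is marked ssl_required in the table.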