Forum: Ruby on Rails SslRequirement module

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
Ace7fa5337acbdf5897a6fc035897580?d=identicon&s=25 Ryan Sobol (Guest)
on 2007-06-26 22:42
(Received via mailing list)
This is a question is about the SslRequirement rails plugin.  However,
it's also about core concepts behind ruby modules.

Here's the code for the plugin.

Here's an example of how you use it.

I've used this plugin all over the place in my app.  But now, I want
to do some performance testing on the app WITHOUT using https (mainly
because I don't have control over port 443 on the test machine).
Ideally, I want to add a toggle variable to the module that I can set
from an environment file or application_controller if I must.  What I
don't want to do is go around the app and comment out all my
ssl_required statements.

I'm at a loss as where to inject this toggle, and whether it should be
a class variable or class instance variable or maybe something
completely different.  Any and all advice is welcome.


PS - Yes, I've double posted this in the rails talk and ruby
discussion groups.
Db303dc84d03a992b33cd3ac978f89ae?d=identicon&s=25 Benjamin Curtis (Guest)
on 2007-06-27 00:37
(Received via mailing list)
You could change the third line of the ensure_proper_protocol method
in the plugin like so:

if ssl_required? && !request.ssl? && RAILS_ENV == 'production'

Or you could use your imagination and make some similar kind of
change somewhere in that method based on an environment variable, a
constant you set in one of the environment config files, etc.

Basically, you just want that method to not redirect and return
false, and there a number of ways you could accomplish that.

Benjamin Curtis -- blog -- build e-commerce
sites with Rails
Ace7fa5337acbdf5897a6fc035897580?d=identicon&s=25 Ryan Sobol (Guest)
on 2007-06-27 07:40
(Received via mailing list)
Ya, I saw that in another post here.  That would work fine, but I feel
there is a better way -- A meta-programming way.  Unfortunately, I'm
still getting my feet wet with injecting class variables / class
instance variables via eval.  I know it's more advanced then most
rails talk, but any insight is appreciated.

Db303dc84d03a992b33cd3ac978f89ae?d=identicon&s=25 Benjamin Curtis (Guest)
on 2007-06-27 14:32
(Received via mailing list)
Sure, you could do a variety of more clever things like stub a method
in the plugin that can be overridden in the controller, like
acts_as_authenticated does with the authorized method.  However, I
don't know that doing something like that is really better than a
simple tweak to the plugin.
This topic is locked and can not be replied to.