Forum: Ruby on Rails SSL In Production

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
lists (Guest)
on 2005-11-12 12:50
(Received via mailing list)
We're building a store in Rails.

In production, I'd like the URLs that go through the check-out process
to
change - they need to be https intead of http.

The catch is that in development, I'd rather not have to setup SSL to be
able to flow through the app.

How are others handing SSL in Rails apps that only need it for bits?

It might be possible to have Apache on the production server re-write
the
checkout URLs. Is that a good solution?

Thanks,
Hunter
jeremy (Guest)
on 2005-11-12 12:50
(Received via mailing list)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Nov 11, 2005, at 3:59 PM, Hunter Hillegas wrote:
> How are others handing SSL in Rails apps that only need it for bits?
>
> It might be possible to have Apache on the production server re-
> write the
> checkout URLs. Is that a good solution?

The ssl_requirement plugin is right down your alley.

http://dev.rubyonrails.org/browser/plugins/ssl_requirement

With a bit of tweaking, you could enable it in production only.
Setting up a local cert isn't so bad, either.

Best,
jeremy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (Darwin)

iD8DBQFDdThQAQHALep9HFYRAobGAKCFYC+EuZEHQd6oFZRtI8h0Wiq8wQCgyCtC
69JpR7S3a3M7pqreD8H8R5c=
=34p0
-----END PGP SIGNATURE-----
jennyw (Guest)
on 2005-11-12 12:50
(Received via mailing list)
Hunter Hillegas wrote:

>We're building a store in Rails.
>
>
Yay! I will be doing an e-commerce project soon, and I love hearing
other people doing so, too -- the more the merrier (and the more people
to share ideas with).

>In production, I'd like the URLs that go through the check-out process to
>change - they need to be https intead of http.
>
>The catch is that in development, I'd rather not have to setup SSL to be
>able to flow through the app.
>
>
Honestly, I'd probably set my development server to use SSL so I can see
any weird SSL related issues while developing.

However, an easy way I can think of to do what you're asking would be to
put in a replacement for url_for in your application_helper.rb. This
would be the same as the current one, except that it would check to see
if RAILS_ENV == "development". If so, and if :protocol => "https://",
then you'd change it to "http://".

Jen
This topic is locked and can not be replied to.