Forum: Ruby on Rails SSL Requirement plugin

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
37ba13af1c2b22d859d8fc58cad6cda3?d=identicon&s=25 Peter Piper (Guest)
on 2006-03-30 17:47
Is there any way to have the plugin require SSL to be used for all
actions in a controller and just specify the ones you dont want to
require SSL using ssl_allowed?

  class ApplicationController < ActiveRecord::Base
    include SslRequirement
    ssl_required *.*


Many thanks.


Also I could of course combine this with local.request? so that when
developing locally http is allowed, but when in production the
ssl_required kicks in.
2c80e1b0837eec76d38d4f7fa1c15e87?d=identicon&s=25 Michael Gorsuch (Guest)
on 2006-03-30 17:51
(Received via mailing list)
Here's how I'm doing it:

  before_filter :require_ssl, :except => [:some_action, :other_action]

  def require_ssl
    if !@request.ssl?
      redirect_to :protocol => "https://"
    end
  end

On 3/30/06, Peter Piper <peter@nospam.org> wrote:
>
> http://lists.rubyonrails.org/mailman/listinfo/rails
>


--
http://www.michaelgorsuch.org
2c80e1b0837eec76d38d4f7fa1c15e87?d=identicon&s=25 Michael Gorsuch (Guest)
on 2006-03-30 17:54
(Received via mailing list)
You could also chain a statement for local requests - something like:

if !@requst.ssl? and !@requiest.local
...


On 3/30/06, Michael Gorsuch <michael.gorsuch@gmail.com> wrote:
> On 3/30/06, Peter Piper <peter@nospam.org> wrote:
> >
> > http://lists.rubyonrails.org/mailman/listinfo/rails
> >
>
>
> --
> http://www.michaelgorsuch.org
>


--
http://www.michaelgorsuch.org
E6dd23eae05b2e5bf7bd794fcf138325?d=identicon&s=25 Peter (Guest)
on 2006-03-31 11:58
Thanks  Michael, Are you not using the SSL_require plugin then, just
doing your own version, looks pretty stright forward!
0727907ae68db2e8ebc1ea1b01f00d69?d=identicon&s=25 Dan Webb (Guest)
on 2006-03-31 13:15
(Received via mailing list)
I have similar:

 # Adds a filter that requires ssl.
  def self.require_ssl(options={})
    before_filter :require_ssl, options
  end

def require_ssl
    if ENV['RAILS_SSL'] == 'on'
      request.env['HTTPS'] = 'on'
      raise SSLRequiredError if !request.ssl?
    end
end

Then in controllers:

require_ssl :only => 'login'

etc..

This way I can set an environment variable to turn it on or off and
rather than redirecting it actually raises an exception.  Just a
variation....

On 3/31/06, Peter <P@no.com> wrote:
>
--
Dan Webb
http://www.danwebb.net
This topic is locked and can not be replied to.