Forum: Ruby on Rails how to force https: browsing on your app

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Bb97327d13788335cb459d10e3c3ce01?d=identicon&s=25 John Henderson (Guest)
on 2007-01-24 22:28
hi,

i've got my app running on a dedicted linux box running lighttpd.

i have an ssl certificate installed and if i go to https://mysite.com
then i get to view the site over a secure connection as expected.

however, if the user just enters www.mysite.com then the browser will
use http: by default instead of https:.

does anyone know how to force connections to use https, or how to
redirect urls with http: to their https: equivalent?


-john
2f9a03aa0fcfe945229cb6126eda2cb2?d=identicon&s=25 Philip Hallstrom (Guest)
on 2007-01-25 00:30
(Received via mailing list)
> i've got my app running on a dedicted linux box running lighttpd.
>
> i have an ssl certificate installed and if i go to https://mysite.com
> then i get to view the site over a secure connection as expected.
>
> however, if the user just enters www.mysite.com then the browser will
> use http: by default instead of https:.
>
> does anyone know how to force connections to use https, or how to
> redirect urls with http: to their https: equivalent?

Somewhere within the 'request' object there's got to be a protocol
attribute.  If that's not "https" then redirect them.  You could do this
check as a before_filter in application.rb to cover all your bases.

-philip
C4dc94c893471878a105761a9207f29b?d=identicon&s=25 Zack Chandler (Guest)
on 2007-01-25 02:36
(Received via mailing list)
On 1/24/07, Philip Hallstrom <rails@philip.pjkh.com> wrote:
> > redirect urls with http: to their https: equivalent?
>
> Somewhere within the 'request' object there's got to be a protocol
> attribute.  If that's not "https" then redirect them.  You could do this
> check as a before_filter in application.rb to cover all your bases.
>
> -philip
>
> >
>

Philip,

The ssl_requirement plugin by DHH is highly recommended for this type
of thing.  Very easy to use.

Repos:
http://dev.rubyonrails.org/browser/plugins/ssl_requirement

Install:
$./script/plugin install ssl_requirement

--
Zack Chandler
http://depixelate.com
This topic is locked and can not be replied to.