Working with SSL in any web framework can be challenging. Making sure that inbound links use HTTPS and outbound (insecure) revert back to HTTP can be a PITA if you have to do it manually.
Thankfully the ssl_requirement plugin works lovely.
The idea is simple: add a filter to your controller that says “this action needs to be protected by SSL”, and that’s it. For the pages NOT under SSL “it just works” as well.
Here’s what we have on the Tekpub Sessions Controller:
if Rails.env == 'production' ssl_required :login, :register, :reset, :remind, :openid end
There’s a check in there for the environment (no need to do it for development) and if a user heads to the :login action under HTTP, they are 302’d off to “HTTPs”.
Simple.
My name is Rob Conery and I am the owner/smooth operator of Tekpub, creator of
This Developer's Life, and an avid Ruby/Rails/.NET developer.
Find Something
