Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
SSL Requirement plugin
branch: master

This branch is 29 commits ahead of rails:master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
lib
test
Gemfile
Gemfile.lock
README.markdown
Rakefile
grosser-ssl_requirement.gemspec

README.markdown

Fork of ssl_requirement to add

  • if a action is ssl_allowed and ssl_required -- it is ssl_required
  • support :all
  • ssl_required == ssl_required :all
  • allow attributes as array ssl_required [:login, :register]
  • allow strings as attributes ssl_required 'login', 'register' / ssl_required %w[login register]
  • running tests
  • ability to overwrite ssl_host, to make custom host changes e.g. def ssl_host; request.sll? ? 'xxx.com' : 'yyy.com';end
  • added :except option to exclude actions
  • added rails3 compatibility

Install

As Gem

gem install grosser-ssl_requirement

Add to Gemfile
gem 'grosser-ssl_requirement', :require => 'ssl_requirement'

As plugin

rails plugin install git://github.com/grosser/ssl_requirement.git

SSL Requirement

  • redirect https to http by default
  • redirect http requests to https with ssl_required
  • allow https and http with ssl_allowed

Example:

class ApplicationController < ActionController::Base
  include SslRequirement
end

class AccountController < ApplicationController
  ssl_required :signup, :payment
  ssl_allowed :index

  def signup
    # Non-SSL access will be redirected to SSL
  end

  def payment
    # Non-SSL access will be redirected to SSL
  end

  def index
    # This action will work either with or without SSL
  end

  def other
    # SSL access will be redirected to non-SSL
  end
end

You can overwrite the protected method ssl_required? to rely on other things than just the declarative specification. Say, only premium accounts get SSL.

When including SslRequirement it adds before_filter :ensure_proper_protocol.

Separate ssl host?

class ApplicationController < ActionController::Base
  include SslRequirement

  def ssl_host
    Rails.env.production ? 'myhost.com' : request.host
  end
end

No ssl in development? (not recommended, TATFT)

class ApplicationController < ActionController::Base
  include SslRequirement
  skip_before_filter :ensure_proper_protocol unless Rails.env.production?
end

Authors

Original

Copyright (c) 2005 David Heinemeier Hansson, released under the MIT license

Additions

Something went wrong with that request. Please try again.