Fork of ssl_requirement to add
- if a action is ssl_allowed and ssl_required -- it is ssl_required
- support :all
- allow attributes as array
ssl_required [:login, :register]
- allow strings as attributes
ssl_required 'login', 'register'/
ssl_required %w[login register]
- running tests
- ability to overwrite ssl_host, to make custom host changes e.g.
def ssl_host; request.sll? ? 'xxx.com' : 'yyy.com';end
- added :except option to exclude actions
- added rails3 compatibility
gem install grosser-ssl_requirement
Add to Gemfile
gem 'grosser-ssl_requirement', :require => 'ssl_requirement'
rails plugin install git://github.com/grosser/ssl_requirement.git
- redirect https to http by default
- redirect http requests to https with
- allow https and http with
class ApplicationController < ActionController::Base include SslRequirement end class AccountController < ApplicationController ssl_required :signup, :payment ssl_allowed :index def signup # Non-SSL access will be redirected to SSL end def payment # Non-SSL access will be redirected to SSL end def index # This action will work either with or without SSL end def other # SSL access will be redirected to non-SSL end end
You can overwrite the protected method ssl_required? to rely on other things than just the declarative specification. Say, only premium accounts get SSL.
When including SslRequirement it adds
Separate ssl host?
class ApplicationController < ActionController::Base include SslRequirement def ssl_host Rails.env.production ? 'myhost.com' : request.host end end
class ApplicationController < ActionController::Base include SslRequirement skip_before_filter :ensure_proper_protocol unless Rails.env.production? end
Copyright (c) 2005 David Heinemeier Hansson, released under the MIT license