Skip to content
This repository


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Example app that shows how to use Rack::SSL and Rack::Auth::Basic to forward all requests to SSL, then password protect them.

branch: master

add readme

latest commit be04fda628
Luke Francl authored July 13, 2011
Octocat-spinner-32 Gemfile example app July 13, 2011
Octocat-spinner-32 Gemfile.lock example app July 13, 2011
Octocat-spinner-32 Procfile example app July 13, 2011
Octocat-spinner-32 README.markdown add readme July 13, 2011
Octocat-spinner-32 app.rb example app July 13, 2011


This sample Sinatra application demonstrates how to chain Rack middleware to force requests to SSL and then require a HTTP Basic password for all requests. It uses Rack::SSL to redirect to SSL and Rack::Auth::Basic for HTTP Basic auth.

This is useful because Rack::Auth::Basic only works for all requests, otherwise you need to write a helper. So if your root action is responsible for redirecting to SSL and you only want passwords sent over SSL, you can't use Rack::Auth::Basic. Also, the approach of chaining middleware is much cleaner.

This code is written for the Heroku Cedar stack. To see a demo, visit

Local development

For local development it can be convenient to skip SSL. You can do that with code like this:

use Rack::SSL, :exclude => lambda { |env| ENV['RACK_ENV'] != 'production' }


This is a trivial amount of code. Do what ever you want with it.

Something went wrong with that request. Please try again.