ansaurus

Question

Answer 1

A:

Open the class that has redirect_to and add a method redirect_to_secure_of with an appropriate implementation. Then call:

redirect_to_secure_of "/some_directory/"

Put this method in the lib directory or somewhere useful.

Justice 2009-11-02 16:30:28

Thanks, but I'm looking for a little more detail than "an appropriate implementation."

X3Maverick 2009-11-02 16:56:17

Sorry, I thought you were asking how to make the *calling* code clean.

Justice 2009-11-02 17:17:48

Answer 2

A:

Relative URLs, by definition, use the current protocol and host. If you want to change the protocol being used, you need to supply the absolute URL. I would take Justice's advice and create a method that does this for you:

def redirect_to_secure(relative_uri)
  redirect_to "https://" + request.host + relative_uri
end

Michael Sepcot 2009-11-02 17:48:44

Answer 3

A:

The ActionController::Base#redirect_to method takes an options hash, one of the parameters of which is :protocol which allows you to call:

redirect_to :protocol => 'https://', 
            :controller => 'some_controller', 
            :action => 'index'

See the definition for #redirect_to and #url_for for more info on the options.

Alternatively, and especially if SSL is to be used for all your controller actions, you could take a more declarative approach using a before_filter. In ApplicationController you could define the following method:

def redirect_to_https
    redirect_to :protocol => "https://" unless (request.ssl? || local_request?)
end

You can then add filters in your those controllers which have actions requiring SSL, e.g:

class YourController
    before_filter :redirect_to_https, :only => ["index", "show"]
end

Or, if you require SSL across your entire app, declare the filter in ApplicationController:

class ApplicationController
    before_filter :redirect_to_https
end

Olly 2009-11-03 00:03:28

You can use `:protocol => 'https://'` iff you are passing a hash to `redirect_to` if you are passing a relative URL like in the question above, that will not work. I agree that a `before_filter` is the better way to go in general.

Michael Sepcot 2009-11-03 15:13:49

Answer 4

+1 A:

You're probably better off using ssl_requirement and not caring if a link or redirect is or isn't using https. With ssl_requirement, you declare which actions require SSL, which ones are capable of SSL and which ones are required not to use SSL.

If you're redirecting somewhere outside of your Rails app, then specifying the protocol as Olly suggests will work.

Andy Gaskell 2009-11-03 02:38:04

ansaurus

tags:

views:

answers:

Rails redirect with https

related questions