tags:

views:

89

answers:

2
Q: 

How can I change Rails view code for site visitors using SSL?

My Rails app has some pages which are SSL-required and others which are SSL-optional. The optional pages use some assets which are served off-site (images from a vendor) which have both http and https URLs. I need to use https when the page is accessed via SSL to avoid the dreaded "this page contains both secure and insecure elements" warning.

I've written code to return the image URLs as http by default and https if requested. My problem now is determining in the view how the request came in. request.ssl? doesn't work in views.

I've tried using a before_filter which sets something like @ssl_request using request.ssl?, but that also always returns false. Is there a more elegant way to do this?

The server stack is Nginx and Passenger. Other apps with Apache => Mongrel stacks pass an X_FORWARDED_PROTO header to tell Rails that SSL is or isn't being used; is it possible that Nginx/Passenger doesn't do this?

+1  A:  
<img src="//cdn.example.com/images/99dbe20bc52e4caa.jpg">
Justice  2010-03-31 15:08:01
Clever, but the domains are different in this case, e.g. cdn.example.com and cdn-secure.example.com.
pjmorse  2010-03-31 15:50:50
Then you may need more complicated server-side logic. But I'm just curious, why do you have two separate CDN domains for HTTP and HTTPS?
Justice  2010-03-31 16:54:52
They're not mine - they're Amazon's. Product photos are at http://ecx.images-amazon.com or https://images-na.ssl-images-amazon.com . I don't know why they did it that way.
pjmorse  2010-04-01 14:59:43
+1  A: 

Try a before_filter in application.rb:

before_filter { |c| UMNAuthFilter.filter(c) if c.request.ssl? }

EDITed to add correctness :)

Chris McCall  2010-03-31 15:19:53
This blog post doesn't say anything about how to tell whether the request was http or https within the view; it's all about how to control whether links within the app appear as http or https.
pjmorse  2010-03-31 16:12:19
The edited version looks promising, but request.ssl? still returns false in all cases. I'm still suspecting there's some place in the Nginx->Passenger->Rails chain where the word that the request is SSL is getting dropped.
pjmorse  2010-04-01 15:01:12
Kicked the server a few more times and got that working.
pjmorse  2010-04-02 02:53:40

related questions

Is there a rake task for backing up the data in your database?
How to represent cross-model information in MVC?
WYSIWYG editor gem for Rails?
Best Solution For Authentication in Ruby on Rails
Acts-as-readable Rails plugin Issue
Associating source and search keywords with account creation
Any tips on getting Rails to run with an Access back-end?
Being as DRY as possible in a Ruby on Rails App
How Do You Secure database.yml?
What IDE to use for developing in Ruby on Rails on windows?
Is Ruby On Rails ready for the Enterprise?
OpenID authentication in Ruby on Rails
Why Doesn't My Cron Job Work Properly?
Why does sqlite3-ruby-1.2.2 not work on OS X?
Ruby mixins and calling super methods
Why all the Active Record hate?
Haml: how do I set a dymanic class value?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Ruby On Rails with Windows Vista - Best Setup?
What is good forum software to add to an existing Rails application?
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.