Rails 3 SSL Deprecation

Question

I am upgrading an application to Rails 3.0.0 and am wondering if the standard method for adding SSL has changed (I vaguely remember demos indicating the router could now handle SSL, though I'm not sure if it was just for demonstration purposes). I currently use the "ssl_requirement" gem, however it gives:

DEPRECATION WARNING: Using #request_uri is deprecated. Use fullpath instead. (called from ensure_proper_protocol at /Library/Ruby/Gems/1.8/gems/ssl_requirement-0.1.0/lib/ssl_requirement.rb:53)

Also, it appears to break when handling the new 'data-method' attributes. For example:

<%= link_to "Logout", user_path, :method => :delete %>

Works fine when accessing from an SSL section of the application, but fails (attempts to render show action) when followed from a non-SSL section (all actions in the user controller require SSL, although I understand that the destroy action does not transmit secure data).

Answer 1

It's indeed pretty simple in Rails 3. In config/routes.rb:

MyApplication::Application.routes.draw do
  resources :sessions, :constraints => { :protocol => "https" }
end

Or if you need to force SSL for multiple routes:

MyApplication::Application.routes.draw do
  scope :constraints => { :protocol => "https" } do 
    # All your SSL routes.
  end
end

And linking to SSL routes can be done like this:

<%= link_to "Logout", sessions_path, :method => :delete, :protocol => "https" %>

If you wish to automatically redirect some controllers (or actually, some subpaths) to an equivalent https-based URL, you can add something like this to your routes (I wish this part were simpler):

# Redirect /foos and anything starting with /foos/ to https.
match "foos(/*path)", :to => redirect { |_, request|
  "https://" + request.host_with_port + request.fullpath }