Most Popular

Login:

Your Login Details


Forget Your Password?

Create an account

Ruby on Rails SSL configuration

Michael Gorsuch posts about how to quickly set up your Ruby on Rails application to use SSL.

I was trying to think up the “Ruby Way” to add SSL support to AreYouHiring.com for credit card payments. I surprised myself with this one.

Assuming that you already have an SSL cert installed for your app, add the following to your application.rb under app/controllers:

def require_ssl
    redirect_to :protocol => "https://" unless (request.ssl? or local_request?)  
  end

Now, we just need to add a before_filter for the actions that need it. I opened up my Job controller, and added the following line:

before_filter :require_ssl, :only => [:preview, :card_payment]

To test this stuff out, I built the following functional tests for my Job controller:

def test_preview
    request.env[‘HTTPS’] = ‘on’
    get :preview, :id => jobs(:first).id

    assert_response :success
    assert @request.ssl?   
    assert assigns(:job).valid?
    assert assigns(:payment)
  end

  def test_preview_without_ssl
    get :preview, :id => jobs(:first).id
    assert_response :redirect
    assert_redirected_to :protocol => “https://”
  end

For brevity’s sake, I am only showing the code that tests the ‘preview’ action of the Job controller. Notice that I built one test to hit the action with SSL, which should function as normal, and another to hit the action without it.

So there you go, SSL in just a few minutes. It still amazes me how much you can get done in no time with the Ruby on Rails framework.

Adding SSL to your Rails App in 5 Minutes - [Styled Bits]

Another helpful link about redirecting to https can be found here. In case you still have questions, check out these other Ruby on Rails SSL tutorials:

Digg del.icio.us Reddit

Posted on August 02, 2007
verma
Posts: 5
Comment
Redirect loop error
Reply #5 on : Thu October 20, 2011, 23:08:57
When i followed the above procedure i am getting the error as redirected loop error how can i solve this please help me out .
aceansr
Posts: 5
Comment
Re: Ruby on Rails SSL configuration
Reply #4 on : Wed March 30, 2011, 03:49:57
I agree with you ace. It would be more safe with running on unusual port.
http://kiranatama.com
John5342
Posts: 5
Comment
Re: Ruby on Rails SSL configuration
Reply #3 on : Tue July 21, 2009, 06:16:40
I realise this post is old but should warn people this method is great if the page is displaying secure data but useless if the user is sending sensitive data. For logins for instance the password would be sent in cleartext before the user is finally redirected.
r0g3r
Posts: 5
Comment
Re: Port change
Reply #2 on : Tue August 21, 2007, 14:40:18
Simple.

redirect_to :protocol => "https://", :port => '3443' unless (request.ssl? or local_request?)
ace
Posts: 5
Comment
Re: Ruby on Rails SSL configuration
Reply #1 on : Mon August 06, 2007, 19:09:40
But how to make it work when your server runs on port 3000 and your https server runs on 3443 ?

Write a comment


If you have trouble reading the code, click on the code itself to generate a new random code.
Security Code:
 
Post Comment