Ruby on Rails SSL configuration

Michael Gorsuch posts about how to quickly set up your Ruby on Rails application to use SSL.

I was trying to think up the “Ruby Way” to add SSL support to AreYouHiring.com for credit card payments. I surprised myself with this one.

Assuming that you already have an SSL cert installed for your app, add the following to your application.rb under app/controllers:

def require_ssl
redirect_to :protocol => "https://" unless (request.ssl? or local_request?)
end

Now, we just need to add a before_filter for the actions that need it. I opened up my Job controller, and added the following line:

before_filter :require_ssl, :only => [:preview, :card_payment]

To test this stuff out, I built the following functional tests for my Job controller:

def test_preview
request.env[‘HTTPS’] = ‘on’
get :preview, :id => jobs(:first).id

assert_response :success
assert @request.ssl?
assert assigns(:job).valid?
assert assigns(:payment)
end

def test_preview_without_ssl
get :preview, :id => jobs(:first).id
assert_response :redirect
assert_redirected_to :protocol => “https://”
end

For brevity’s sake, I am only showing the code that tests the ‘preview’ action of the Job controller. Notice that I built one test to hit the action with SSL, which should function as normal, and another to hit the action without it.

So there you go, SSL in just a few minutes. It still amazes me how much you can get done in no time with the Ruby on Rails framework.

Adding SSL to your Rails App in 5 Minutes - [Styled Bits]

Another helpful link about redirecting to https can be found here. In case you still have questions, check out these other Ruby on Rails SSL tutorials:

Originally posted on Thu Aug 2, 2007