
Ruby on Rails SSL configuration

Michael Gorsuch posts about how to quickly set up your Ruby on Rails application to use SSL.

I was trying to think up the “Ruby Way” to add SSL support to AreYouHiring.com for credit card payments. I surprised myself with this one.

Assuming that you already have an SSL cert installed for your app, add the following to your application.rb under app/controllers:

def require_ssl
  redirect_to :protocol => "https://" unless (request.ssl? or local_request?)
end

Now, we just need to add a before_filter for the actions that need it. I opened up my Job controller, and added the following line:

before_filter :require_ssl, :only => [:preview, :card_payment]

To test this stuff out, I built the following functional tests for my Job controller:

# Request marked as HTTPS: the action should render normally.
def test_preview
  @request.env['HTTPS'] = 'on'
  get :preview, :id => jobs(:first).id

  assert_response :success
  assert @request.ssl?
  assert assigns(:job).valid?
  assert assigns(:payment)
end

# Plain HTTP request: the filter should redirect to https.
def test_preview_without_ssl
  get :preview, :id => jobs(:first).id
  assert_response :redirect
  assert_redirected_to :protocol => "https://"
end

For brevity’s sake, I am only showing the code that tests the ‘preview’ action of the Job controller. Notice that I built one test to hit the action with SSL, which should function as normal, and another to hit the action without it.

So there you go, SSL in just a few minutes. It still amazes me how much you can get done in no time with the Ruby on Rails framework.

Adding SSL to your Rails App in 5 Minutes - [Styled Bits]

Another helpful link about redirecting to https can be found here. In case you still have questions, check out these other Ruby on Rails SSL tutorials:

Originally posted on Thu Aug 2, 2007

Comments


ace(2014-12-13)

But how to make it work when your server runs on port 3000 and your https server runs on 3443?

John5342(2014-12-13)

I realise this post is old but should warn people this method is great if the page is displaying secure data but useless if the user is sending sensitive data. For logins for instance the password would be sent in cleartext before the user is finally redirected.

verma(2014-12-13)

When I followed the above procedure, I am getting a redirect loop error. How can I solve this? Please help me out.

aceansr(2014-12-13)

I agree with you, ace. It would be safer running on an unusual port.
http://kiranatama.com

r0g3r(2014-12-13)

Simple.

redirect_to :protocol => "https://", :port => '3443' unless (request.ssl? or local_request?)

Harsh Deep(2016-12-02)

I understand what you are doing here, but I think it's just simpler to enable it in the config file; most of the time it's already commented out.
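
The filter's decision spelled out in plain Ruby, as an added example that is not part of the original post or its comments: it handles the non-default HTTPS port asked about above and reports which parts of a cleartext request had already been sent before any redirect could happen. The method names, the `BODY` key and the sample requests are assumptions made for this illustration, and refusing non-GET requests is one possible policy, not something the post prescribes.

```ruby
# Added illustration in plain Ruby; method and key names are hypothetical,
# not Rails APIs. Requests are constructed CGI-style hashes.
SAFE_METHODS = %w[GET HEAD].freeze

# Stand-in for request.ssl?: the server sets HTTPS=on for TLS requests.
def ssl_request?(env)
  env['HTTPS'] == 'on'
end

# Returns [action, headers, exposed]. `exposed` names the request parts that
# had already crossed the network unencrypted by the time the filter ran.
def require_ssl_decision(env, https_port: 443)
  return [:pass, {}, []] if ssl_request?(env)

  exposed = []
  exposed << 'cookie' if env['HTTP_COOKIE']
  exposed << 'body' unless env['BODY'].to_s.empty?

  unless SAFE_METHODS.include?(env['REQUEST_METHOD'])
    # A redirect cannot un-send a form body, so refuse instead of redirecting.
    return [:reject, {}, exposed]
  end

  host = env['SERVER_NAME']
  authority = https_port == 443 ? host : "#{host}:#{https_port}"
  query = env['QUERY_STRING'].to_s
  location = "https://#{authority}#{env['PATH_INFO']}"
  location += "?#{query}" unless query.empty?
  [:redirect, { 'Location' => location }, exposed]
end

# Constructed sample requests (example.test and all values are made up).
BASE = { 'SERVER_NAME' => 'example.test', 'QUERY_STRING' => '' }.freeze
PREVIEW_HTTP = BASE.merge('REQUEST_METHOD' => 'GET',
                          'PATH_INFO' => '/jobs/preview/1')
PAYMENT_HTTP = BASE.merge('REQUEST_METHOD' => 'POST',
                          'PATH_INFO' => '/jobs/card_payment',
                          'HTTP_COOKIE' => 'session=SAMPLE',
                          'BODY' => 'card=SAMPLE')
PAYMENT_HTTPS = PAYMENT_HTTP.merge('HTTPS' => 'on')

[PREVIEW_HTTP, PAYMENT_HTTP, PAYMENT_HTTPS].each do |req|
  p require_ssl_decision(req, https_port: 3443)
end
```

A non-empty `exposed` list on a `:reject` result means the form or link that produced the request is pointing at `http://` and should be changed to post to the `https://` URL directly.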
