Reputation: 63
Force SSL for http requests in Rails
I'm working on a platform built with Ruby(v2.1.2) on Rails(v4.1.6) and we're trying to enforce SSL. How do I go about doing this?
So far, I have force_ssl
# application_controller.rb
force_ssl if: :ssl_configured?
def ssl_configured?
return false if params[:controller] == 'high_voltage/pages'
(Rails.env.development? || Rails.env.test?) ? false : true
end
Which seems to work because when I try to do http://www.somecoolsite.com, it then automatically becomes https://www.somecolesite.com.
However, if I try to submit a JSON post request to the API portion of our platform, and the URL is http://, the post request is somehow returning the results of a get request instead. But when I change the URL to https://, the post request works as expected. How would I go about fixing this so that if a client accidentally submits their request as http://, it is rewritten to https://?
Thanks!
Upvotes: 0
Views: 1100
Answers (1)
Reputation: 600
Have you looked at using config.force_ssl = true in your production environment config? This is far more all-encompassing, but can lead to other issues as well.
Upvotes: 2
Related Questions
- Opposite of Force_SSL in Rails?
- Force https in a Rails 4 route
- http.rb: how to disable ssl verification
- How can I force Rails to only use TLS over SSL?
- How to set Ruby SSL method
- SSL configuration
- SSL with Ruby on Rails
- Rails Https redirect to http
- Accept only HTTPS requests in Ruby on Rails
- How do I tell my rails form to use https?