Bob
Reputation: 8504
Enable SSL for certain resource actions
My setup: Rails 3.0.9, Ruby 1.9.2
I wish to enable SSL only for the create action for projects, how do I do that? Currently I have
resources :projects, :constraints => { :protocol => 'https' }, :only => :create
resources :projects, :except => :create
I don't think that's quite right though.
UPDATED
I have since changed it to
match 'projects' => 'projects#create', :constraints => { :protocol => 'https' }, :via => :post
resources :projects, :except => :create
I think this is better but is there yet a better way of doing it?
Upvotes: 0
Views: 369
Answers (1)
icecream
Reputation: 1425
Although you could create a custom constraint class to move the SSL logic out of the resource declarations, I recommend this gem. It will keep your routes file clean and force SSL only in production. (That logic could be baked into the custom constraint as well, but you would also have to manage the form links too.) You would do
class ProjectsController
include ::SslRequirement
ssl_required :create
end
<%= form_for(@project, projects_url(:secure => true)) do |f| %>
<% end %>
Upvotes: 1
Related Questions
- Opposite of Force_SSL in Rails?
- Force SSL for http requests in Rails
- how to suppress ssl on a single controller
- how do disable force_ssl option for just one action?
- How to set Ruby SSL method
- SSL configuration
- SSL with Ruby on Rails
- How do I selectively enable SSL in Rails 4 for certain paths?
- Force SSL for specific routes in Rails 3.1
- Partial SSL in rails