Reputation: 35189
redirecting from http://example.com to https://example.mysite.com
This question has been asked in various permutations, but I haven't found the right combination that answers my particular question.
The configuration
- Rails 3.1 (allowing me to use
force_sslin myApplicationController) - Hosted on Heroku Cedar (so I can't touch the middleware)
- My SSL certs are registered for
secure.example.com
I've already added force_ssl to my ApplicationController, like this:
# file: controllers/application_controller.rb
class ApplicationController < ActionController::Base
protect_from_forgery
force_ssl
end
The problem
Currently, if a user navigates to http://example.com, force_ssl switches to SSL, but since it's NOT secure.example.com, it presents a warning about an unverified security cert because it's using the default Heroku cert.
(I've verified that navigating to http://secure.example.com properly redirects to https://secure.example.com and uses the proper security cert. That's good.)
The question
How do I force http://www.example.com/anything and http://example.com/anything to redirect to http://secure.example.com/anything? (I'm assuming that force_ssl will handle the switch from http to https.) Since I cannot touch the middleware (recall that this is Heroku hosting), I assume I can do something like:
# file: controllers/application_controller.rb
class ApplicationController < ActionController::Base
protect_from_forgery
force_ssl
before_filter :force_secure_subdomain
private
def force_secure_subdomain
redirect_to(something...) unless request.ssl?
end
end
... but I haven't sufficiently grokked redirect_to and the request object to know what to write for something.... (I want to be sure that it handles query params, etc.)
Upvotes: 3
Views: 978
Answers (2)
Reputation: 1483
you can redirect to a different hostname by doing the following:
# file: controllers/application_controller.rb
class ApplicationController < ActionController::Base
force_ssl :host => "secure.example.com"
end
see: rails force_ssl source for more info
Upvotes: 4
Reputation: 22238
You should have a look at rack-rewrite - it's essentially Apache re-write but in Ruby form, and usable on Heroku.
This will allow you to create all sorts of Rack level rules and what redirections etc should occur and when.
Upvotes: 0
Related Questions
- Redirect from http to https on HEROKU
- How to use HTTPS on my customdomain on Heroku?
- Rails - How to Redirect from http://example.com to https://www.example.com
- Rails Heroku SSL https:// redirect
- How to remove an SSL redirect on Heroku and Godaddy
- Heroku Rails Force SSL Redirect Loop
- Is it possible to redirect a url that uses HTTPS protocol? (Heroku, Rails)
- Redirecting an old SSL domain to a new one on Heroku (w/ Rails 3)
- redirect to 'www' before force_ssl
- How can I redirect pages with forms to https://secure.example.com?