corsen

Reputation: 485

Force_ssl / force back to http. What's the best way to do this?

I am using force_ssl in my Users and Sessions controllers. This works great. When I go to actions in either of these controllers my browser will redirect to https. The problem is that after the user is redirected to https their browser will continue to use https, at least when using relative URLs. I'd rather the user use http for other pages in the application. I've come up with 3 possible strategies to guide users back to http for other pages.

  1. Use absolute urls instead of relative urls. With this strategy I avoid using things like root_path, but instead use root_url. I can set default_url_options in my application controller to use http protocol. This way all links in my application will attempt to guide the user back to http. They could always switch it to https in their browser manually, but I don't really care if they do that.

  2. Write a before filter similar to https://gist.github.com/1040964. I don't really like this because I would have to repeat which controllers / actions I am forcing to ssl in the application controller as well as the specific controller in which I use force_ssl.

  3. Use this plugin https://github.com/bartt/ssl_requirement. This plugin seems nice because it by default will force to http if I don't say anything. Forcing to ssl seems very similar to the include force_ssl method. This seems like a good solution but I don't want to rely on a plugin if there is an easy way to do this without it.

I can't decide which of these 3 options is the best and am looking for guidance. I'm also new to Rails so if any of these solutions is "bad" please let me know. Also if there are other options I am not aware of please let me know.

Which solution is best if any? (Rails 3.2)

Upvotes: 0

Views: 297

Answers (1)

Charles Brian Quinn

Reputation: 26

Best is the plugin. The source code to that plugin is very similar to the code in your gist. In fact, if you're averse to the plugin, all you really need is the part here:

https://github.com/bartt/ssl_requirement/blob/master/lib/ssl_requirement.rb#L112

You can adapt it to your application_controller.rb or take the plugin fully.

Cheers.

Upvotes: 1
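
An added example, not part of the question or the answer and not the plugin's code: a plain-Ruby model of the decision a single `before_filter` in `application_controller.rb` would make, with the SSL-only actions declared once so they are not repeated per controller. `SslPolicy`, `Request`, `POLICY` and the controller and action names are hypothetical, and the sample requests are constructed.

```ruby
require "set"

# Minimal stand-in for the parts of a Rails request the filter looks at.
Request = Struct.new(:scheme, :host, :fullpath, :http_method)

class SslPolicy
  def initialize
    @required = Hash.new { |h, k| h[k] = Set.new }
  end

  # Declare in one place which actions need HTTPS.
  # Passing no actions marks every action of the controller.
  def require_ssl(controller, *actions)
    @required[controller].merge(actions.empty? ? [:all] : actions)
    self
  end

  def ssl_required?(controller, action)
    set = @required.fetch(controller, nil)
    !set.nil? && (set.include?(:all) || set.include?(action))
  end

  # Returns the URL to redirect to, or nil when the request may proceed.
  def redirect_target(req, controller, action)
    needs_ssl = ssl_required?(controller, action)
    if needs_ssl && req.scheme != "https"
      "https://#{req.host}#{req.fullpath}"
    elsif !needs_ssl && req.scheme == "https" &&
          %w[GET HEAD].include?(req.http_method)
      # Only downgrade safe methods: redirecting a POST would drop its body.
      "http://#{req.host}#{req.fullpath}"
    end
  end
end

# Constructed policy mirroring the question: Users and Sessions use HTTPS.
POLICY = SslPolicy.new.require_ssl(:users).require_ssl(:sessions, :new, :create)
```

Once requests go back to http, a session cookie that is not flagged Secure is sent in clear text on those pages; a cookie that is flagged Secure is not sent to them at all.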
