Force SSL using ssl_requirement in Rails 2 app

ruby-on-rails ssl ruby-on-rails-2
Victor Lam picture Victor Lam · Oct 5, 2010 · Viewed 14.6k times · Source

I have a Rails application which need to run under SSL. I tried ssl_requirement but seems I have to type in all the actions in every controllers.

Is there any method that I can add a before_filter in application controller with ssl_requirement, so that the apps will redirect to https automatically when user request is in http?

Thanks all. :)

Answer

Simone Carletti picture Simone Carletti · Oct 5, 2010

Use a Rack Middleware.

# lib/force_ssl.rb
class ForceSSL
  def initialize(app)
    @app = app
  end

  def call(env)
    if env['HTTPS'] == 'on' || env['HTTP_X_FORWARDED_PROTO'] == 'https'
      @app.call(env)
    else
      req = Rack::Request.new(env)
      [301, { "Location" => req.url.gsub(/^http:/, "https:") }, []]
    end
  end
end

# config/environment.rb
config.middleware.use "ForceSSL"

Related questions

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

I am using Authlogic-Connect for third party logins. After running appropriate migrations, Twitter/Google/yahoo logins seem to work fine but the facebook login throws exception: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed The …

Read More
bundle install fails with SSL certificate verification error

When I run bundle install for my Rails 3 project on Centos 5.5 it fails with an error: Gem::RemoteFetcher::FetchError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://bb-m.rubygems.org/gems/multi_json-1.3.2.gem) …

Read More
SSL Error When installing rubygems, Unable to pull data from 'https://rubygems.org/

I am trying to do the Michael Hartl tutorial. When I attempt to install rails 3.2.14 in my gemset, I get the following issue: $ gem install rails -v 3.2.14 ERROR: Could not find a valid gem 'rails' (= 3.2.14), here is why: Unable to …

Read More