Rails Force Ssl Only on Specified Controllers

Rails force ssl only on specified controllers

You can do this with constraints in routes.rb:

resource :account, :constraints => { :protocol => "https", :subdomain => "secure" }

Also, if you have many secure routes, and you want to DRY things up, you can create a scope for your secure routes:

scope :constraints => { :protocol => "https", :subdomain => "secure" } do

  ...[secure routes]...

end

skip/disable force_ssl for particular controller in rails

skip_before_action :verify_authenticity_token
force_ssl except: [:index,:create]

Its worked for me.

It is possible to force SSL only in specific views in RoR3?

Yes, you can use the force_ssl method in your controller. See the docs here.

class PagesController < ApplicationController
  force_ssl only: [:create, :update]
end

How to Force SSL to Specific Named Route in Rails

It doesn't look like you've provided a named route here (i.e. match '/find-a-abc' => "home#abc", :as => :named_route). You will need to do this and call named_route_url rather than just the controller and action to get the right URL.

If you want a specific route to always be handled with SSL, you could define the route like so:

scope :protocol => 'https://', :constraints => { :protocol => 'https://' } do
  match '/find-a-abc' => "home#abc", :as => :abc
end

Then abc_url should always be "https://local.demo.com/find-a-abc"

Partial SSL in rails

This is typically done with the SSL Requirement plugin. It sets up before_filters allowing you to specify which actions require SSL and which optionally allow it, and which specifically do not allow it.

Outside of that, it's just a matter of setting up 2 VHosts in your Apache (or whichever server you use) configuration, one for the SSL site and one for the non-SSL site.

Rails 3: Forcing HTTP in some parts, and Forcing HTTPS in others?

Not sure if this blog will be of any use to you: Always-On HTTPS With Rails Behind an ELB
also this may also be of use to you considering you are trying to force some parts of your application to use https. SSL Requirement. It details under the section about SSL requirement adds a declarative way of specifying that certain actions should only be allow to run under SSL. Should you want to specify the entire controller in SSL then call ssl_exceptions

Alternatively you could try and write a before_filter by doing something like 

class ApplicationController < ActionController::Base
  before_filter do
    if request.ssl? || Rails.env.production? 
      redirect_to :protocol => 'http://', status => :moved_permanently
    end
   end 
 end

Hope this helps


Related Topics

How to Convert Boolean Values to Integers

Installing Rmagick Gem -- Can't Find Magickwand.H

Ruby: How to Find the Key of the Largest Value in a Hash

Accepts_Nested_Attributes_For Ignore Blank Values

Why Does a Rails App on Heroku Serve Assets via All.CSS and Locally via Individual Files

Simple Ruby 'Or' Question

Scanning for Unicode Numbers in a String with \D

Ruby Regex Gsub a Line in a Text File

Ruby If VS End of the Line If Behave Differently

Check Method Call on Model Using Minitest

Ruby Inside JavaScript Block [Slim Template]

Ruby Variable Name with Double Underscores

Protected Sharing Link in Ruby on Rails

How to Split Routes.Rb into Smaller Files

How to Set a Variable from a Helper Method for Inclusion in a SASS SCSS Stylesheet

Calendar Events Notification Not Received on Server

Ruby/Pgsql Error on Rails Start:Cannot Load Such File -- Pg_Ext (Loaderror)

How to Disable Wait Time for Watir


Leave a reply



Submit