Module: ActionController::ForceSSL

Extended by:
ActiveSupport::Concern
Includes:
AbstractController::Callbacks
Defined in:
actionpack/lib/action_controller/metal/force_ssl.rb

Overview

This module provides a method which will redirect browser to use HTTPS protocol. This will ensure that user's sensitive information will be transferred safely over the internet. You should always force browser to use HTTPS when you're transferring sensitive information such as user authentication, account information, or credit card information.

Note that if you are really concerned about your application security, you might consider using config.force_ssl in your config file instead. That will ensure all the data transferred via HTTPS protocol and prevent user from getting session hijacked when accessing the site under unsecured HTTP protocol.

Defined Under Namespace

Modules: ClassMethods

Constant Summary collapse

ACTION_OPTIONS =
[:only, :except, :if, :unless]
URL_OPTIONS =
[:protocol, :host, :domain, :subdomain, :port, :path]
REDIRECT_OPTIONS =
[:status, :flash, :alert, :notice]

Constants included from ActiveSupport::Callbacks

ActiveSupport::Callbacks::CALLBACK_FILTER_TYPES

Instance Method Summary collapse

Methods included from ActiveSupport::Concern

append_features, extended, included

Methods included from AbstractController::Callbacks

#process_action

Methods included from ActiveSupport::Callbacks

#run_callbacks

Instance Method Details

#force_ssl_redirect(host_or_options = nil) ⇒ Object

Redirect the existing request to use the HTTPS protocol.

Parameters

  • host_or_options - Either a host name or any of the url & redirect options

    available to the <tt>force_ssl</tt> method.
    

76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
# File 'actionpack/lib/action_controller/metal/force_ssl.rb', line 76

def force_ssl_redirect(host_or_options = nil)
  unless request.ssl?
    options = {
      :protocol => 'https://',
      :host     => request.host,
      :path     => request.fullpath,
      :status   => :moved_permanently
    }

    if host_or_options.is_a?(Hash)
      options.merge!(host_or_options)
    elsif host_or_options
      options.merge!(:host => host_or_options)
    end

    secure_url = ActionDispatch::Http::URL.url_for(options.slice(*URL_OPTIONS))
    flash.keep if respond_to?(:flash)
    redirect_to secure_url, options.slice(*REDIRECT_OPTIONS)
  end
end