Add all metods in ssl_required

paulbutcher · September 5, 2008, 4:29pm

Can you easily add all methods behind the ssl_required instead of having
to add them one by one? Like ssl_required :all

paulbutcher · September 15, 2008, 10:59am

You can define a protected method in your controller, which will make
every action in this controller and all its subclasses only available
through ssl:

def ssl_required?
true
end

izidor

On 5.9.2008, at 16:29, Pål Bergström wrote:

paulbutcher · September 15, 2008, 1:27pm

Izidor J. wrote:

You can define a protected method in your controller, which will make
every action in this controller and all its subclasses only available
through ssl:

def ssl_required?
true
end

izidor

On 5.9.2008, at 16:29, Pï¿½l Bergstrï¿½m wrote:

Thanks

paulbutcher · March 26, 2010, 7:28pm

class SecureAreaController < ApplicationController

protected

def ssl_required?
  Rails.env.production?
end

end

class CreditCardController < SecureAreaController

…

end

paulbutcher · December 31, 2008, 5:39am

I’m concerned this may not be the best way to go.

in my /app/controllers/application.rb file i’ve added

def ssl_required?
return false if ENV[‘RAILS_ENV’] == true
end

So that I can still run my application on webrick without https in
development mode.

But, when I want ssl_required to work on all my controllers and utilize
the method below, my ssl_required? method in the application helper
doesn’t function as intended. the ssl_required in the individual
controller takes precedence.

it is too bad one can’t just add

ssl_required :all

Does anyone know how to solve both problems in the best way possible?

Thank you!

PÃ¥l BergstrÃ¶m wrote:

Izidor J. wrote:

You can define a protected method in your controller, which will make
every action in this controller and all its subclasses only available
through ssl:

def ssl_required?
true
end

izidor

On 5.9.2008, at 16:29, Pï¿½l Bergstrï¿½m wrote:

Thanks

paulbutcher · March 27, 2010, 6:42pm

Ryan, If you are using or can use passenger to serve your production
env, then an alternative that would make this a non-issue would be to
use passenger to serve your development env as well. That way you’d
be able to use ssl in dev env just as you would in prod env. Another
benefit would be that you’d also be able to test your prod env setup
(ie subdomain, virtual-host, passenger/web-server, etc) by having a
similar setup for your dev env.

Jeff

paulbutcher · May 18, 2010, 12:04pm

I found this fork of ssl_required that solves this problem, but I
haven’t tried it yet:

Ryan Wilson wrote:

it is too bad one can’t just add

ssl_required :all

Does anyone know how to solve both problems in the best way possible?

Thank you!