Weird 'Being redirected to non-secure' warnings but entire s

Greetings all,

I just got a report that I really need some help understanding.

My site ( www.yourtimematters.com ) is set up so that

  1. any attempted access to yourtimematters.com gets redirected to
    www.yourtimematters.com
  2. all access to www.yourtimematters.com takes place using https://

The visitor I was walking through the app with (over the phone) was
getting warnings as she advanced from page to page that she was “being
redirected to a non-secure page.” If she clicked OK, she was taken to
https:// the_next_page. This happened on every page within the app.

What could be causing this? The entire site is secured. All of the
pages advance via a button that’s a form_tag{:controller =>
'some_controller', :action => 'some_action'} with nothing in the form
but the submit_tag. All the pages are being served from the app by
mongrel through Apache to the browser.

This is the only visitor that’s seen this behavior, but I assume that if
she saw it, others will too. She was accessing the site from her office
at Adobe, so I assume there’s some pretty heavy firewall stuff going on.
Could something on her end be causing this?

Any ideas?

Thanks in advance,
Bill

On 3/9/07, Bill W. [email protected] wrote:

The visitor I was walking through the app with (over the phone) was
getting warnings as she advanced from page to page that she was “being
redirected to a non-secure page.” If she clicked OK, she was taken to
https:// the_next_page. This happened on every page within the app.

Is the visitor using IE 6?

There’s a problem with IE 6 that causes messages like this when you go from a
secure page to an insecure page. That’s the opposite of what you’re doing
but maybe it’s similar.

My company developed a plugin that addresses this by replacing the 302
redirect with an intermediate page that redirects using an HTML meta
redirect.

See: http://refresh-to.rubyforge.org/

Hope this gets you on the right track,

Luke F.
Slantwise Design
http://slantwisedesign.com

Hi Luke,

Luke F. wrote:

Is the visitor using IE 6?

I’m not sure what version she was using, but I’ve been able to reproduce it
using IE 6.

There’s a problem with IE 6 that causes messages like
this when you go from a secure page to an insecure page.

I’m getting it going from a secure page to another secure page. It’s
showing up when I redirect in a controller action, which I do a lot of to
move from an update method in one controller action to an edit method in
another controller. It’s a forms-filling-out app so that structure is
unavoidable.

My company developed a plugin that addresses this
by replacing the 302 redirect with an intermediate page
that redirects using an HTML meta redirect.

The docs say redirect_to in ActionController is generating a 302 header, so
it sounds like just what I need but I need to ask. Given what I’ve said
above, is there any reason to think this might not work? I’m not going to
be able to see if it works on my dev box because the problem only shows up
under SSL and I’ve only got that on my production box.

Thanks,
Bill

Luke F. wrote:

I can’t say for sure if refresh_to will solve your problem
because we’ve never encountered it before (until I saw
your message I would not have thought a 302 between
two secure pages would cause this problem).

Where I’m seeing the problem is actually not between two pages, but between two
methods. The process is
a) page submits to controller 1, action 1
b) controller 1, action 1 does its thing, then redirects to controller 2, action 1
c) controller 2, action 1 renders new page

I’m pretty sure the problem is that the redirect_to in (b) is sending a 302
header. This is really way over my pay grade. So I’ll ask. Does a 302
header include info on where it’s being moved to? Like maybe there’s an
http: prefix in there that I could override somehow? Do maybe routes figure
in with this somehow?

I definitely plan to give the plugin a try. Thanks much for letting me know
about it. To be honest though, if there’s an easier way like adding a line
or two to routes.rb that would solve this problem, I’d definitely take that
over changing a bunch of redirect_to lines of code.

Thanks again, Luke. I appreciate your help very much.

Best regards,
Bill
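
On the question in the message above: a 302 response names its destination in a `Location` header, which can be an absolute URL with its own scheme. The following is an added example, not code from this thread or from the refresh_to plugin, that reads a raw response head and reports whether a redirect issued for an https request points anywhere other than https. The `example.com` URLs and sample responses are constructed for illustration, and the function names are hypothetical.

```ruby
require "uri"

# Split a raw HTTP response head into [status_code, headers_hash].
def parse_response_head(raw)
  status_line, *header_lines = raw.split(/\r?\n/)
  status = status_line.to_s[/\AHTTP\/\d\.\d (\d{3})/, 1].to_i
  headers = {}
  header_lines.each do |line|
    break if line.empty?               # blank line ends the header block
    name, value = line.split(":", 2)
    headers[name.strip.downcase] = value.to_s.strip
  end
  [status, headers]
end

# Classify where a response sends a browser that requested request_url.
# Returns :not_a_redirect, :no_location, :stays_secure or :downgrade.
def classify_redirect(request_url, raw)
  status, headers = parse_response_head(raw)
  return :not_a_redirect unless (300..399).cover?(status)
  location = headers["location"]
  return :no_location if location.nil? || location.empty?
  origin = URI.parse(request_url)
  target = origin.merge(location)      # also resolves relative Location values
  if origin.scheme == "https" && target.scheme != "https"
    :downgrade
  else
    :stays_secure
  end
end

# Constructed sample responses (not captured from the site in this thread).
REQUEST_URL = "https://www.example.com/forms/update/1"
DOWNGRADE = "HTTP/1.1 302 Found\r\nLocation: http://www.example.com/forms/edit/1\r\n\r\n"
SECURE    = "HTTP/1.1 302 Found\r\nLocation: https://www.example.com/forms/edit/1\r\n\r\n"
RELATIVE  = "HTTP/1.1 302 Found\r\nLocation: /forms/edit/1\r\n\r\n"
RENDERED  = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"

if __FILE__ == $PROGRAM_NAME
  { "http Location" => DOWNGRADE, "https Location" => SECURE,
    "relative Location" => RELATIVE, "200 page" => RENDERED }.each do |label, raw|
    puts "#{label}: #{classify_redirect(REQUEST_URL, raw)}"
  end
end
```

A response head to feed it can be captured with any tool that prints response headers without following the redirect.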

On 3/9/07, Bill W. [email protected] wrote:

under SSL and I’ve only got that on my production box.

Bill,

I can’t say for sure if refresh_to will solve your problem because we’ve
never encountered it before (until I saw your message I would not have
thought a 302 between two secure pages would cause this problem).

However, it wouldn’t hurt to try it out. I would test it locally on your
development box to make sure the site still works for you (that you can fill
out the forms, etc.), then deploy it and test to see if it actually fixes
the problem. As long as the plugin doesn’t break your site (I doubt it
will), it won’t be detrimental.

Luke