restricting force_ssl to one controller

[vanderkerkoff]

Hello everyone

rails3.2 ruby 1.9.3 nginx 1.5 passenger 4

I'm using force_ssl in a controller on our site, and certain actions within that controller.

force_ssl :only => [:show, :list, :toilet]

This works great, I can go to the site via http, no problems, and when I click on the link responding to the controller the https kicks in, and is also active on the other actions specified within that controller.

The issue I'm getting is after using that controller, which forces https, clicking on any other links within that site still uses https.

That's not what I imagined to happen, and may cause an issue.

Is the browser caching the https traffic and assuming to use it again?

Is there any way around this?

Any help, greatly appreciated.

V

[vanderkerkoff]

Ok, I've worked out what's happening.

When you're on the page that has been forced to be ssl, then all of your links that use /something will now pick up the https.

So all my main navigation links are pointing to https

I can't change them as the site won't work in development then or on any testing and staging servers.

um, this is a right pain in the arse.

Anyone know a way around it?

[Timster]

How are you generating the URLs for the links?

If you are using something like this:

  projects_path

You can change it to this, which will generate a fully qualified URL (with host and protocol):

  projects_url

And to explicitly break out of HTTPS, you can do the following:

  project_url(:protocol => :http)

[Matt Davies]

Hi Tim

They are navigation links in a global template set, haml.

 %li.events

        %a{ :href => "/events",:title =>"Events" }

          Events 

I think I'm stuffed.  

Even if I created a subset of the navigation set just for this section using full URLS, I'm still stuffed in development or any of the other testing servers with different URLs.

Any other ideas?

--
You received this message because you are subscribed to a topic in the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/rubyonrails-talk/y7nRFfOzxi0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to rubyonrails-ta...@googlegroups.com.
To post to this group, send email to rubyonra...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/9586b1d2-763b-4d46-8de5-fcc1d06b0731%40googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Timster]

You're not stuffed.

Right now you're generating the <a> tag manually with the path "/events"

If you switch to Rails helpers to generate the URL, your problems can be solved. Which helpers you use depends on how your routes are set up.

How do you have your routes set up? Do you have something like this?

  resources :events

If so, you can replace your %a link with this:

  link_to('Events', events_url(:protocol => 'http'))

[Matt Davies]

Tim, thanks for the help, worked a treat.

--

You received this message because you are subscribed to a topic in the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/rubyonrails-talk/y7nRFfOzxi0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to rubyonrails-ta...@googlegroups.com.
To post to this group, send email to rubyonra...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/89ee512e-541f-4666-a063-98a4a8eb7947%40googlegroups.com.