[英]Force SSL for http requests in Rails
I'm working on a platform built with Ruby(v2.1.2) on Rails(v4.1.6) and we're trying to enforce SSL. 我正在一个在Rails(v4.1.6)上使用Ruby(v2.1.2)构建的平台上,我们正在尝试实施SSL。 How do I go about doing this? 我该怎么做呢?
So far, I have force_ssl
到目前为止,我有force_ssl
# application_controller.rb
force_ssl if: :ssl_configured?
def ssl_configured?
return false if params[:controller] == 'high_voltage/pages'
(Rails.env.development? || Rails.env.test?) ? false : true
end
Which seems to work because when I try to do http://www.somecoolsite.com , it then automatically becomes https://www.somecolesite.com . 这似乎可行,因为当我尝试执行http://www.somecoolsite.com时 ,它会自动变为https://www.somecolesite.com 。
However, if I try to submit a JSON post request to the API portion of our platform, and the URL is http://
, the post request is somehow returning the results of a get request instead. 但是,如果我尝试向我们平台的API部分提交JSON发布请求,并且URL为http://
,则发布请求将以某种方式返回get请求的结果。 But when I change the URL to https://
, the post request works as expected. 但是,当我将URL更改为https://
,发布请求将按预期工作。 How would I go about fixing this so that if a client accidentally submits their request as http://
, it is rewritten to https://
? 我将如何解决此问题,以便如果客户端意外将其请求提交为http://
,则将其重写为https://
?
Thanks! 谢谢!
Have you looked at using config.force_ssl = true
in your production environment config? 您是否考虑过在生产环境配置中使用config.force_ssl = true
? This is far more all-encompassing, but can lead to other issues as well. 这是无所不包的,但也会导致其他问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.